My experience at blackhat/defcon

Vegas was interesting this year to say the least. For starters I finally got to attend NOT as a vendor which I gotta say was pretty nice. Here are the talks I attended.

Intranet Invasion With Anti-DNS Pinning
It's All About The Timing
Tactical Exploitation (Part 1)
Dangling Pointer
IsGameOver(), anyone?
The...

eEye Gets Into Web Application Security Space

"Marc Maiffret, CTO and chief hacking officer at eEye, said in an interview today that the company would be entering the Web app security space "soon." "It's a natural progression for us to add Web app scanning," says Maiffret, who wouldn't divulge details of the new offering." "You can scan for missing...

Mozilla Releases JavaScript Fuzzer at Blackhat

"Mozilla has been using an open-source application security testing tool, known as a fuzzer, for JavaScript to detect and fix dozens of security bugs in Firefox, Mozilla director of ecosystem development Window Snyder said Thursday at the Black Hat USA 2007 conference in Las Vegas. The JavaScript fuzzer found 280 bugs in...

Undercover reporter ousted at defcon, probably pretty f@!ked

UPDATE: Her myspace page was linked off of defconpics.org and shortly after has been removed from myspace. No word on how it was removed at this time. An NBC reporter (Michelle Madigan, Associate Producer of NBC Dateline) was found to be trying to find hackers for hire and recording them with a...

Joanna Rutkowska Pwns challengers at blackhat

"In their presentation, titled "Don't Tell Joanna, The Virtualized Rootkit Is Dead," the researchers detailed how to use counters that are external to a system to detect a virtualized rootkit's pull on CPU resources or other telltale footprints. It's got to be an external counter, given that a virtualized rootkit sits at...