Wednesday, July 27, 2005

Black Hat Day 1: A Cover Up?

Brian Krebs writes in his Security Fix column in The Washington Post:

One of the primary reasons companies send their computer security experts to the annual Black Hat security conference here is to learn about new security vulnerabilities that bad guys could use to disrupt Internet communications that most of us rely upon to send e-mail and browse the Web.

The most popular speakers at the gathering typically are security researchers who have discovered new flaws in the hardware and software designed to ensure that the Web page you request is the same one that is served, and that your e-mail gets routed to its destination without incident.

The first "scandal" to emerge from Black Hat 2005 (so far, at least) is the omission of some 30 pages of text from the 1,000-page-plus conference presentation materials, which were handed out to conference attendees when they registered on Tuesday. The missing pages -- literally ripped from the massive handout -- apparently detailed the specifics of a serious security flaw present in Cisco Systems routers, devices that route the majority of Internet traffic on the Web today.

Michael Lynn, a researcher for Atlanta-based Internet Security Systems, was slated to follow the conference’s keynote address Wednesday with a discussion of the Cisco hardware flaw. As of this writing, however, none of the conference organizers knew whether Lynn was expected to even show up, much less present his findings.

0 Comments:

Post a Comment

<< Home