Our use of technology is increasing every day, from home to office and personal computing, with the Internet bringing the world closer. Sophisticated networking, mobile devices and cloud computing are making our lives and communication much easier than we ever imagined. But through all of this, privacy and security have been the biggest concerns, and they are only growing. Black Hat USA is one of the top-rated security conferences in the world, and with its 17th iteration taking place in Las Vegas between August 2 & August 7, 2014, several security experts will be presenting their research on the newest and most alarming security attacks. Here is a quick overview of the key presentations on the most important of these attacks:
Google Glass for snatching passwords
Powerful software records people tapping passwords and account details into touchscreens and analyzes the footage to steal the passwords with as much as 90% accuracy from a distance of 3 meters. Working with Google Glass, researchers Xinwen Fu & Qinggang Yue of UMass Lowell and Zhen Ling of Southeast University track the movement of the fingertip and use its position to identify the input, taking shadows, optical flow and other elements into account. Passwords can be stolen and then compromised even when the person behind the camera can't read the victim's display screen with the naked eye.
Attack against the virtual desktops
Virtual desktop infrastructure (VDI) is frequently seen as an easy way to make BYOD (bring your own device) programs more secure by centralizing programs and data and giving users only a presentation of them. But Daniel Brodie & Michael Shaulov of Lacoon Mobile Security will demonstrate a proof-of-concept attack against VDI that they say isn't just achievable but also effective. It uses screen scraping to steal data while staying undetected. They described it as, “While keeping the surveillance task hidden both from client-side and server-side malware detection actions, the attacker can automate the process & eventually make the VDI solution ineffective.”
Abusing Microsoft Kerberos
Microsoft Active Directory uses Kerberos to handle authentication requests by default. That said, if the domain is compromised, how bad can it really be? With the loss of the correct hash, Kerberos can be completely compromised for years after an attacker gained access. Yes, it really is that bad. In this presentation, Skip Duckwall & Benjamin Delpy will show exactly how thoroughly Kerberos can be compromised under real-world conditions.
Remote car network attacks
Car manufacturers rarely have consistent designs, so there are not many ways to remotely exploit vulnerabilities against them. This talk by experts Charlie Miller of Twitter and Christopher Valasek of IOActive examines the networking in cars from numerous manufacturers from a security point of view. They aim to answer questions such as:
- Are some cars safer from remote compromise than others?
- Has automotive network security changed for the better (or worse) in the last five years?
- What innovations does automotive security hold & how do we protect our cars from such attacks in the future?
Data theft from point-of-sale devices
Point-of-sale breaches, including the one that shook Target, happened more often in the past year, and many businesses are still prone to the simplest intrusions. Nir Valtman, Enterprise Security Architect at NCR Retail, reveals how memory scraping is a huge threat that is difficult to solve. He'll present how you can minimize the threat, discuss real-world strategies that have already been tried but don't work, and suggest ones that will.
USB Stick malware
USB sticks have controller chips that can be compromised, which can lead to taking over host machines, stealing data and spying on users, according to independent researcher Karsten Nohl & Jakob Lell of SRLabs. These USB sticks can also spoof other devices. Their presentation introduces a new form of malware that runs from these reprogrammed chips and features a demo of fully compromising a PC using a self-replicating virus that is undetectable with existing defenses. They also suggest better ways of protecting USB drives.
Mobile carrier’s control code
Mobile carriers hide control code on mobile devices in order to provide service, but that code can be exploited, say Mathew Solnik & Marc Blanchou, experts with Accuvant Labs. They are going to reveal how code can be executed over the air against these control platforms and demonstrate the impact on customers. They will release tools to evaluate and safeguard against the threats they expose in GSM, CDMA and LTE network control protocols, which affect Android, iOS and BlackBerry devices.
Free cloud service trials to build botnets
Security experts at Bishop Fox describe how they gathered computing power from free trials of cloud services and ask: exactly what happens when the bad guys begin to use friendly cloud services for malicious activities? In their presentation, they explore how free trials can be used and abused to get access to large amounts of computing power, storage space and ready-made hacking environments. In the process they violated some terms of service and managed to build a cloud-based botnet for as low as $0, and it was partially legal. This botnet won't get flagged as malware, blocked by web filters or taken over. This is the stuff of nightmares & very sophisticated.
Mobile device management software
Mobile Device Management (MDM) software has access to a wide array of data, which can be destroyed by exploiting flaws in MDM products. Stephen Breen, a researcher at NTT Com Security, shows how to do it and presents an overview of the vulnerabilities that enable the exploits, some of which are very common across numerous commercial MDM products.
Attacks against realistic cryptographic constructions
Based on the Crypto challenge, experts Thomas Ptacek & Alex Balducci of Matasano Security will explain 48 attacks against realistic cryptographic constructions and discuss how they result in problems in real-world software. They'll also create a Rosetta Code site where known cryptographic exploits will be posted in several programming languages, to give security professionals a leg up on recognizing the attacks.
We'll be bringing you more detailed information about each of these new IT security threats and will try our best to help you keep your IT systems secure. In the meantime, if you need any help safeguarding technology at home or in your office, contact Live-Tech today… help is already there!