20 Scenes From BlackHat 2009
Welcome To BlackHat USA 2009
Despite crimped budgets and a global economic recession, BlackHat USA 2009 was in full swing July 25-30. More than 4,000 attendees traveled to Las Vegas for world-class demonstrations and presentations, delivered by celebrity hackers such as Charlie Miller and Dan Kaminsky, among others, on everything from SSL vulnerabilities to Russian cybercrime organizations, to iPhone hacking demos to security flaws in the Social Security Administration's number designation system. And in between sessions and demonstrations, IT professionals and amateur hackers alike had fun at the myriad parties and receptions, while testing their luck at the roulette tables. Here are a few scenes from the big event.
And Welcome To Sin City
BlackHat USA 2009 was held at Caesars Palace, in the heart of the Las Vegas Strip, a Mecca of glitz and gluttony that hosted more than 4,000 IT administrators, and amateur and professional hackers alike. Needless to say, when the sessions were out and the demonstrations ended, there was still plenty of (ahem) entertainment for the conference attendees. In addition to the myriad parties, shows, blackjack and all-night buffets, attendees could also play beer pong at O'Shea's Casino, across the street from the hotel.
Breakfast At BlackHat
Conference attendees line up to get a power breakfast of bagels and coffee, while chatting with vendors, before the opening day's keynote.
BlackHat conference-goers attended two very different keynote speeches. During the July 29 keynote, Douglas Merrill, former chief operating officer of New Music for EMI Records, emphasized that security is often based on inaccurate, often arbitrary ROI statistics, inhibits innovation and prevents employees from doing their jobs. In the final July 30 keynote, Robert Lentz, deputy assistant secretary of defense for cyberidentity and information assurance, told an audience of IT professionals and amateur hackers that a new risk-based approach to security was needed to adequately protect government systems.
Looking It Over
Conference-goers examine their schedules as they wait for the opening BlackHat keynote Wednesday.
The shadowy BlackHat man icon was no doubt an omnipresent figure throughout every aspect of the conference.
Cruising The Grounds
Conference-goers network, socialize and have some coffee as they visit with security vendors at BlackHat.
Lots To Read
Conference attendees had plenty of reading material to peruse and purchase in between sessions, some of which were showcased by the authors at the conference.
Teaching Others Teach Themselves
Marketers at the Core Security booth talked to conference attendees about the wonders of Core Security's penetration testing software, and its new worldwide training and certification program aimed at helping professional trainers train others for penetration tests.
Cisco's Superheroes: Defenders Of The Realm
This marketing campaign never gets old, does it? Yes, Cisco's superheroes have returned. Cisco launched its latest marketing campaign graphic novel titled "The Realm" in April around the time RSA promoted the company as a serious, if not heroic, contender in the security space. The gist: Each Defender of the Realm character, complete with cape and skin-tight outfit, has special powers designed to protect a different aspect of the network from "evil" threats such as Trojans, spam, phishing attacks and Internet worms (you get the idea).
Defending The Realm
Cisco's Defender of the Realm superheroes, who protect everyday users from malware attacks and security threats, seem to be a diverse bunch.
Big Problems For SSL
Security researchers Len Sassaman (left) and Dan Kaminsky (right) discuss at length a particularly critical vulnerability in the SSL certification process that malicious hackers could exploit to obtain domain name certificates, indicated by the little padlock symbol in the bottom right-hand corner, for just about any site they want to attack. Not only could hackers spoof a bank Web site, they could also obtain the SSL certificate issued by certificate authorities "proving" that the site was secure.
BlackHat Founder Speaks Up
BlackHat founder Jeff Moss weighs in on Kaminsky's press conference, which revealed another SSL domain name vulnerability that could give rise to a wave of spoofing and man-in-the-middle attacks in the near future. "We see the vulnerability on the horizon and we actually get to react ahead of time," Moss said.
The Stuff Of Movies
Keith Mularski, FBI cyberdivision special agent, and Dmitri Alperovitch, McAfee threat researcher, presented the history of Russian cybercrime organizations to a packed audience July 29 during the BlackHat conference. During the presentation, Mularski discussed a top-secret three-year undercover sting operation in which he impersonated a Russian hacker on an online cybercrime forum, leading to the arrest of more than 56 members of the criminal organization, while preventing more than $70 million in losses.
Hackers, Hackers Everywhere
On the show floor, marketers tried to draw spectators to a regularly scheduled "Ultimate SIEM Smackdown" demonstration, where hackers from both Foreground Security and NitroSecurity (whose booth was across the aisle) tested their hacking prowess, each attempting to breach the latest SIEM technology.
Ultimate SIEM Smackdown
In an effort to take down adversary Foreground Security, NitroSecurity gave a short expository speech to booth visitors on how to hack SIEM technology.
Can I Help You?
Of course, having booth babes pull in attendees could only work in NitroSecurity's favor. Who says hacking isn't sexy?
Cenzic Against Web Site Hacks
Not everything at BlackHat is high tech. Cenzic is making a high-tech statement at BlackHat in a very low-tech way.
Between demonstrations, vendors at the StillSecure booth seem to be having fun on the yoga balls.
The Morning After The Night Before
After a night of partying Vegas-style, heavy-lidded conference attendees come to the next day's Thursday keynote equipped with coffee.