X
Tech

Black Hat 2013: talks and panels 'hot list'

Leading security conference Black Hat boasts over 100 talks that include hacking nuclear facilities, rooting SIM cards, OPSEC failures of spies, a keynote from the NSA and more. Here's a 'hot list' of 2013's riveting talks and demos.
Written by Violet Blue, Contributor

In its sixteenth year, Black Hat USA 2013 will introduce nearly a hundred new security tools and 35 0-days in a record 110 unique Briefings (talks) and workshops, with 131 companies showcasing their security solutions on-site.

An estimated 7,000 high-level security experts are set to attend Black Hat this year. It takes place this week, July 27 – August 1, 2013, at Caesars Palace in Las Vegas.

Black-Hat-2013

A security conference leader, Black Hat blends hackers, corporations, researchers of all kinds, law enforcement and Feds, in hats ranging from snow-white to so black they actually absorb light.

These attendees will be wearing their nicest professional, casual-Friday armor to meet on neutral territory - all comprising an event that may be the world's biggest confluence of virtual arms dealers.

Black Hat has cautioned press, "You are about to enter one the most hostile environments in the world."

The list of precautions is long, and includes not to use any ATM machines around the conference, keep our hotel keys deep in our belongings, not to use the wi-fi unless we are security experts, not to leave any devices out of sight (EVER!), and to change all of our passwords immediately after leaving Las Vegas.

Still, the list of cautions will probably not be enough.

There is so much to see and absorb at Black Hat 2013, it will likely be a Vegas gamble worth taking. The packed schedule proves that Black Hat wanted to raise the excitement meter to eleven this year.

To mediate overwhelm, we've compiled an insider's 'hot list'.

Outside of the usual press releases, we asked organizers what they think will be hot, as well as compiling our own list. Combining the results, we've got a hell of a starting point for attendees listed here:

  • Black Hat's Day 1 Keynote (Wednesday, July 31) is Gen. Keith Alexander, Commander, U.S. Cyber Command (USCYBERCOM) and Director, National Security Agency. Here he will "give attendees an insider’s look into the U.S. Cyber Command and the interworking of offensive cyber strategy."
  • Aaron Swartz, Weev, the CFAA and The Future - Kurt Opsahl, EFF [panel]. With the dangers of the CFAA and overzealous, uneducated prosecutors now known, the infosec community has been thrust into the role of educating and persuading lawmakers to reform this dangerous law. The EFF's Opsahl leads a panel and on-the-spot outreach to the community to discuss and propose tactics on all levels.
  • Lawful Access - Matt Blaze, Brewster Kahle, Jennifer Valentino-DeVries, Alan Davidson [panel]. "When you get a National Security Letter, no one can hear you scream." Being served with a search warrant for a criminal investigation can be scary enough, but if you're the target of a national security investigation, you won't be allowed to tell anyone about it. This panel discusss the technical risks of surveillance architectures, the legal and technical defenses against over-broad or invasive searches, and actual experiences fighting against secret surveillance orders.

Mobile hot list highlights:

Threats to mobile devices such as injecting malware into Apple’s iOS devices with malicious chargers, intercepting traffic and SMS messages through compromised femtocells cracking BlackBerry’s new OS 10, rooting SIM cards and building a spyphone that can record conversations and send messages without you ever knowing.

Infrastructure hot list highlights:

Preventing attacks on critical infrastructure and national security with talks around insider threats at the FBI, energy fraud and orchestrated blackouts, compromising industrial facilities, threats to major oil and gas pipelines and exploiting network surveillance cameras.

Home attacks hot list:

Exposing vulnerabilities within our homes from automation systems such as HVAC and lighting, to other network-controlled devices such as door locks and garage sensors, to hacking some of the most well known home security systems and even the newest smart TVs.

At the Black Hat Arsenal:

Researcher demo highlights: bypassing a car’s security for less than 25 dollars, to analyzing smartphone penetration testing and performing web application security audits.

Can't make it, or just want to keep pace with Black Hat? 

Follow Black Hat Briefings on Twitter @BlackHatEvents, check Black Hat on Facebook, and connect with Black Hat on its LinkedIn Group - social updates can be found at hashtag #BlackHat. Watch for photos on the Black Hat Events Flickr account.

An item I had selected for this list was Implantable Medical Devices: Hacking Humans by Barnaby Jack - it had been recommended to me by all experts and organizers I queried. There are many heavy hearts at the passing of Mr. Jack, and the sadness is palpable. He will be so very deeply missed. Black Hat has held his room time and talk slot open: Black Hat will not be replacing Barnaby’s talk on Thursday, Aug. 1. The hour will be left vacant for friends and family to gather: Black Hat has set aside the time to commemorate his life and work and stated to this year's attendees, "we encourage you to join us as we celebrate the legacy that he leaves behind."

Editorial standards