Black Hat Europe: A Preview
A Look at Hot Topics for Event in AmsterdamAmsterdam is famous for everything from its bicycles and canals to its red-light district and the Rembrandts in its Rijksmuseum. But for at least one week out of every year, it also plays host to the annual Black Hat Europe information security conference.
See Also: Live Webinar | C-SCRM: CIS Benchmarking & Impending Regulation Changes
Information security has grabbed the international spotlight this year, with recent weeks seeing the discovery of both the Shellshock and POODLE vulnerabilities.
But Black Hat isn't just about what is happening, but what might happen. With all of that in mind, here are just some of the "must see" briefings on my agenda as I attend this important event this week.
Side-Channel Attacks. The conference kicks off with a keynote presentation from cryptographer Adi Shamir of Weizmann Institute of Science, who's the co-inventor of the RSA algorithm. He's promising to describe attack techniques that can be used to hack into heavily secured computers that are on an air-gapped network - meaning they're not linked to an Internet-connected network. On the upside, at least, Shamir says the attack techniques he plans to demonstrate only work from up to about a kilometer, or 0.6 miles, away.
Post-Snowden Defense. Former U.S. National Security Agency contractor Edward Snowden's leaks highlighted how numerous information security systems may be less reliable than we thought. Defcon conference founder Jeff "The Dark Tangent" Moss will be moderating a must-see roundtable about how businesses can better defend themselves in our post-Snowden era.
Wearables' Privacy Worries. For tracking your heart rate or the number of steps you've walked or your location, wearable computing devices are all the rage. And their popularity will only grow with the debut of Apple's HealthKit framework.
But according to Symantec security researcher Candid Wueest, many manufacturers of wearable computing - as well as Internet of Things - devices are failing to secure that data, leaving it open for interception by anyone who's near one of the devices and can eavesdrop on related traffic, or who hacks many vendors' relatively insecure online portals for collecting and analyzing that data. Wueest tells me he plans to outline at this week's conference the fixes vendors need to put in place, as well as interim strategies consumers and business users can take to protect their personal information.
Two-Factor Failure. The use of two-factor authentication systems is being touted by everyone from Apple and Google to Twitter and banks as a way to stop the seemingly nonstop pace of breaches. But prepare to have your faith in many two-factor systems upended, warns Ryan Lackey, principal in the security practice at CloudFlare. He plans to detail vulnerabilities in various systems that often result from vendors trading usability for security. Thankfully, he'll also explain what developers can do to make their systems harder to hack.
Encryption Makeover. BT Security's head of ethical hacking, Konstantinos Karagiannis, is warning that quantum computers may soon shred strong, 4,096-bit encryption algorithms in seconds, making Heartbleed look like a picnic. At the conference, Karagiannis plans to describe real-world experiments being conducted by BT, which suggest that "the weirdness of quantum mechanics" can also be used to create more secure algorithms.
I'll be reporting from the conference daily, so look for my reports. If you're at the conference, please flag me down for a chat. Or if you're following along online, don't hesitate to pepper me with any and all Black Hat-related questions.
Follow Mathew Schwartz on Twitter: @EuroInfosec
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.