I had the opportunity to attend the Barcelona Black Hat Europe 2010 briefings, in April 14th and 15th 2010, enjoying a distinct international-nature event, eleven talks with a very strong technical background and a knowledge-sharing speaker attitude, and a quality and respectful audience. If you combine that with a diligent and professional organization, you will have a very interesting security event, that I’m summarizing in this post.
We started day 1 with Max Mosley’s talk about Facebook’s security strategy and his strong message: they will diligently pursuit every attack against them. After that “warning to sailors”, I attended all the sessions I could; in order not to extend this post, I will only comment a few of the talks.
Christopher Tarnovsky told us about his 6-months work Hacking the Smart Card Chip, it was amazing to see how he broke into the SmartCard HW looking for a data bus that could hold the data “in clear”. After a tremendous effort identifying the micron-width cables that hold such data and making a map of these areas of the chip, then he had to connect needles into these tracks and listen to the traffic. He told how difficult and delicate this task could be. Once the hardware problem was solved, he showed how he not only can listen, but also modify the bits that are running into it in order to get rid of some SW protections (like the introduction of random idle cycles). Finally, he showed us the assembler code obtained from the chip. At that point, someone asked where the exploit was… Well I think that after all his HW work, extracting the right data from the assembler flow would appear as a toy play for Cristopher. This man has my admiration, not only for the good work, but for his faith in the idea that he will find what he was looking for, that he didn’t loose during his 6-months research.
The last presentation that I attended on day 1 was State of Malware, from Peter Silberman and Ero Carrera. What I would like to remark from this presentation is the approach of these gentlemen to the problem of classifying malware into families, thus trying to be able to answer, without analyze it, some questions: the behavior of the malware or its characteristics, the way and reasons they evolve, code re-utilization, etc. They use automatic code analysis to find similarities between code and classify them into families. They presented their results in a very transparent way: they don’t’ claim to have definite or conclusive results, but some conclusions regarding commonalities and relationships between malware families are interesting…
On day 2 one of the talks that I enjoyed most was the one performed by Haifei Li and Guillaume Lovet on Adobe Reader’s Custom Heap Management Exploitation. In this talk, the audience followed this guys in the way they exploited the heap management implemented in Adobe Reader in order to be able to execute code in the target machine. Audience could see the technical deep details of the technique used, explained in a way easy to follow for everyone.
The last talk I would like to summarize is the one of Moxie Marlinspike about Changing Threats to Privacy. The first interesting thing was the structure of the talk: the speaker started with a social approach to the problem of privacy to guide the audience to a point where a solution to annonymize our access to Google and to change the way we use PGP is needed. After that point, he explained some solutions related to that problem.
All related materials are –or will shortly be- in the BlackHat home page, so if you’re interested you can access them and go in-depth on every topic.
Founder & Senior Security Analyst