Posts Tagged ‘Internet’
Clip 6/6 Speaker: Tom Cross Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customer’s communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of it’s lawful intercept technology in an Internet Draft and a number of public configuration guides. This talk will review Cisco’s architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks. For more information go to the BlackHat 2010 DC archive bit.ly
Clip 6/7 Speakers: Jorge Luis, Alvarez Medina In this presentation we will show how an attacker can read every file of your file system if you are using Internet Explorer. This attack leverages different design features of Internet Explorer entailing security risks that, while low if considered isolated, lead to interesting attack vectors when combined altogether. We will also disclose and demonstrate proof of concept code developed for the scenarios proposed. For more information go to the BlackHat 2010 DC archive bit.ly
Jim Christy, the Director of Futures Exploration at the Department of Defense Cyber Crime Center, talks about the increasing sophistication of attacks that he is starting to see.