Security Manifest

Benjamin Johnstone-Anderson, Microsoft MVP - Windows Security

Mikko Hyppönen Reports from DEFCON 12

News From 12th Annual Hacker Convention

F-Secure's Mikko Hyppönen writes from Las Vegas, Nevada:

This is a short conference report from the DEFCON 12 conference in Las Vegas. DEFCON is the largest underground hacking event in the world with thousands of black, grey and white hat hackers gathering for a weekend in extreme heat (41 C today) in Las Vegas.

This year's program is especially interesting from an antivirus point of view, as several conference speakers focus on the issue. Today we've heard two presentations on mobile phone and PDA security, with direct implications for future mobile viruses. It seems perfectly possible that we will see totally automated Bluetooth worms in the future. Such worms would spread airborne among the mobile phone population, and really would spread much like flu - to get infected, it's enough to be close enough.

There has also been lots of discussion on Windows XP Service Pack 2, which should be out in August. This service pack includes a firewall which monitors traffic in both directions and which will be on by default. SP2 will also have generic protection against overflows. Consensus is that once SP2 becomes commonplace, it will make it much harder to create automatic network worms like Blaster or Sasser.

Also, I've seen three Feds spotted so far...

Signing off, Mikko

For those who do not know, DEFCON is an annual meeting of hackers of all types - malicious and otherwise - to see the newest developments in the world of hacking and computer security. For $80, anyone can enter and learn from speakers, presentations, and direct contact about the latest methods used by hackers, what is being done to prevent those methods from being used, what is being done to bypass that prevention, what is being done to prevent that bypass, and so on. Oh, and, of course, Capture the Flag.

The event may produce some malicious results, but it still remains one of the most honest looks at the security field today. After all, what could be a more honest look at the hacker world than a discussion about security among hackers themselves?

Post-event, I will try to post a look at some of the things that were discussed and comments on them. More information about the event, including pictures, can be found at the always excellent F-Secure Weblog.

Posted: Jul 31 2004, 09:38 PM by trafton | with 8 comment(s)