Hanging out at Black Hat would have been a lot cooler than hanging out at work or home, by 20 degrees at least. We’ve been having our usual July heat wave. Over 100 degrees every day, with lots of cloud coverage and enough rain to spot the car windows good and keep the humidity off the charts. It’s been miserably hot here, and while it’s probably not much cooler in Vegas, there is good air conditioning. But you’re not here to listen to me whine about the heat. I live in the high desert, so ummm yeah, it’s gonna get hot.
What is of considerable interest to me is what was sure to be unveiled. Black Hat and Def Con both have their share of hacks shown off. The best place to learn about an attack is from the source itself, and we get plenty of source from the coders themselves. And this year, so far, has had some big revelations.
Like this SSL certificate hack from Moxie Marlinspike. So, those little Verisign certificates that pop up and imply there’s no worries: this website we are loading is what it is, and our data is encrypted to keep it safe from prying eyes. Kinda gives you a warm fuzzy feeling all over. Except the computer on the other end will be able to decrypt the data, and that can now be any computer with a forged signature. So much for that warm fuzzy feeling. While the implications of this hack, and how easy it is to pull off, are scary, it seems like one that should be easy to patch. But until then… And this isn’t the first problem with Verisign. It wasn’t long ago that the MD5 vulnerability was confirmed.
It will be interesting to see what else filters down from Black Hat this year.


