Black Hat and DefCon, the premier Information Assurance venue for bleeding edge vulnerability and exploit research just wrapped up in Las Vegas.
The Good: The published presentations including a host of discussion about security in a virtualized environment, the sad state of Microsoft SQL Server security, and much, much more. Topping it all off was the announcement of the Windows Vista security bypass exploit via the browser by Mark Dowd and Alexander Sotirov. This is a particularly bruising find on Microsoft’s latest flagship, as it is quite a resource consumer, fairly annoying to use, but at least it was secure… Maybe now is a good time to try Ubuntu?
The Bad: The Pwnie Awards. Unless you are in the ‘Most Innovative Research’ category, this is BlackHat’s Hall of Shame for security shortcomings. A lesson learned from other’s mistakes is hopefully a lesson you don’t have to experience first-hand!
And the Ugly: A group of reporters from E-Week were covering Black Hat 2008 for their Security News. They were too lazy to use their secured VPN to log into their home servers, so they just let their credentials pass in the clear… At a hacker convention… The shameful part is they threw the three responsible attendees out when they tried to submit these credentials to The Wall of Sheep.