Linux Today: Linux News On Internet Time.

Linux Journal: Hacking Vegas at Black Hat and DEF CON: One Geek's Experience

Jul 29, 2001, 23:30 (0 Talkback[s])
(Other stories by Darth Elmo)

Darth Elmo reports on Black Hat and DEF CON, covering a variety of talks and lectures: "DEF CON, which began as a relatively small get-together for members of the IS underground, has grown in recent years to become the world's largest and most publicized annual gathering of the diverse groups that comprise Information Systems Security. But despite its growth and more-or-less-mainstream success (measured in numbers and news articles), DEF CON is first and foremost for hackers."

"Jose Nazario gave a chilling but coherent, plausible and technical description of the imminent onset of Internet worms which will not only replicate themselves (what sets worms apart from viruses--viruses depend on other programs to propagate) but will also adaptively mutate themselves in ways that make them both more dangerous and more difficult to identify and neutralize. This lecture came out of research Jose is conducting in his pursuit of a PhD in Biochemistry.

Jay Beale, primary developer of the Bastille Linux system-hardening package, gave an excellent talk on securing Domain Name Services (DNS) and BIND (the most popular DNS package). Jay's talk included both the fundamentals of good DNS security and also specific techniques for and examples of applying them to BIND. He also discussed djbdns, an alternative to BIND.

Hacker-journalist Richard Thieme gave an extremely subtle and deep lunchtime keynote address on reality constructs and how they must adapt as the realities of computer security evolve. He used war in space as a metaphor. For example, consider the general who described high-velocity debris and even paint chips as a major threat to a spacecraft's structural integrity. Since technology has already advanced to the point where plasma/energy-shielding is possible, the general must change his understanding of the reality of threat-models in space. This sort of adaptation is necessary at a number of levels for all of us who deal with the rapidly-evolving world of info-sec."

Complete Story

Related Stories: