Stupid Corporation Tricks
We're exactly one month out from Black Hat 2013, or in other words, around the time when we finally realize that yes, it's actually happening -- and soon. Time to get our butts into gear. We trust you've sorted out your arrangements already, so enough said on that. Moving on to the next order of business, today we highlight a trio of Briefings that focus on data security in corporate environments.
Dropbox revolutionized sharing old arcade ROMs with mobile devices, or, uh, so we're told. But it and other cloud-based services have also made major inroads into corporations, and no wonder: Beyond their obvious utility, Dropbox and other cloud service providers are marketing their wares directly to executives. Post Exploitation Operations with Cloud Synchronization Services will examine the security ramifications of this trend, with a particular focus on the DropSmack v2 exploitation tool, which will be released during the Briefing, and how to defend against it.
BlackBerry devices used to be the gold standard for mobile data security, but BlackBerryOS 10 is a completely revamped operating system, built on the formerly off-the-shelf (and not terribly secure) RTOS QNX. BlackBerry promises this OS will offer the same standard of security as its predecessors, a claim which BlackBerryOS 10 From a Security Perspective will put to the test. The Briefing will examine the attack surface of BBOS 10, and demonstrate methods for rootkits to persist on the device. Can sensitive data and Angry Birds safely coexist?
A lone engineer couldn't possibly stay on top of every little flaw in the Hoover Dam, and neither can a huge IT organization address every single vulnerability in its infrastructure. That's where vulnerability statistics come in, helping IT decide what absolutely needs to be fixed and what can slide. But as Buying into the Bias: Why Vulnerability Statistics Suck will demonstrate, vulnerability stats are quite often misunderstood, faulty, or pure hogwash. Brian Martin and Steve Christey, who maintain two major vulnerability repositories, will set the record straight on abuses and misuses of this potentially helpful info, systematically sorting through the many types of bias that can spoil potentially useful data.