Move over Black Hat & Def Con


Every year during the joint Black Hat and Def Con security conferences, a host of black-, white-, and gray-hat security professionals and enthusiasts collide to expose a plethora of technology vulnerabilities that generally leaves me paranoid for a few weeks until I slip back into my comfort zone of everything-will-be-okay-and-the-world-moves-on. The other day, though, I stumbled onto a new security conference: ToorCon. Although a variety of security conferences exist throughout the world, this one garners a rather elite group. For example, here are a few topics from the San Diego conference that just ended:

  • Apple Rootkit: Think your iPod, iPad, or iPhone is safe? How about "a wormable process for installing malicious rootkits on every iOS device that Apple makes"? And don't you Symbian/Android smartphone users get too comfortable - there are rootkits for you too.

  • Beyond BIOS Rootkits: I've mentioned hardware rootkits before and the problem isn't going away -- this time embedded controllers are the platform of choice (p.s. you can't eliminate it with a BIOS refresh, hard drive wipe, or OS reinstall).

  • SCADA hacking is serious stuff: Most hacking involves user machines and devices (like laptops, smartphones, computers, etc.). While this is lucrative (identity theft) and powerful (botnets), governments and cyber-terrorists are starting to target SCADA systems, and that's scary since SCADA manages our power grid, nuclear facilities, oil refineries, pharmaceutical production, food distribution... the list is endless.

  • Is your bank account lying?: A new round of computer trojans that directly target your bank account have sophisticated algorithms and countermeasures, such as URLZone "which can transfer money out of an account and manipulates the browser to keep showing the user the original balance."

  • Dangerous Facebook links: 9% of Facebook comment links are malicious or spam.