Our editorial team has handpicked some great talks from the Black Hat Conference, one of the largest IT security conferences in the world.
Black Hat, built by and for the global InfoSec community, returns to Las Vegas for its 19th year. This six-day event begins with four days of intense Trainings for security practitioners of all levels (July 30 - August 2), followed by the two-day main event including over 100 independently selected Briefings, the Business Hall, Arsenal, the Pwnie Awards, and more (August 3-4).
(Source: Black Hat Conference USA 2016)
image courtesy: https://www.flickr.com/photos/jasonahowie/7910370882
1) 1000 Ways to Die in Mobile OAuth
Speakers: Eric Chen, Yutong, Yuan Tian, Shuo Chen, Robert Kotcher, Patrick Tague
In the paper, we pinpoint the key portions in each OAuth protocol flow that are security critical, but are confusing or unspecified for mobile application developers. We then show several representative cases to concretely explain how real implementations fell into these pitfalls. Our findings have been communicated to vendors of the vulnerable applications. Most vendors positively confirmed the issues, and some have applied fixes. We summarize lessons learned from the study, hoping to provoke further thoughts about clear guidelines for OAuth usage in mobile applications.
2) Behind the Scenes with iOS Security
Speaker: Ivan Krstić
We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss. Data Protection is the cryptographic system protecting user data on all iOS devices.
3) Bad for Enterprise: Attacking BYOD Enterprise Mobility Security Solutions
Speaker: Vincent Tan (@vincent_tky)
Using the Good Technology EMS suite as an example, my talk will show that EMS solutions are largely ineffective and in some cases can even expose an organization to unexpected risks. I will show attacks against EMS protected apps on jailbroken and non-jailbroken devices, putting to rest the rebuttal that CxOs and solution vendors often give penetration testers, "We do not support jailbroken devices."
Whether you are a CxO, administrator or user, you can't afford not to understand the risks associated with BYOD.
4) Samsung Pay: Tokenized Numbers, Flaws and Issues
Speaker: Salvador Mendoza (@Netxing)
Samsung announced many layers of security for its Pay app. Without storing or sharing any type of users' credit card information, Samsung Pay is trying to become one of the most secure approaches, offering functionality and simplicity for its customers. This app is a complex mechanism which has some limitations relating to security.
5) The Art of Defense: How Vulnerabilities Help Shape Security Features and Mitigations in Android
Speaker: Nick Kralevich
In this talk, we will cover the threats facing Android users, using both specific examples from previous Black Hat conferences and published research, as well as previously unpublished threats. For the threats, we will go into the specific technical controls which contain the vulnerability, as well as newly added Android N security features which defend against future unknown vulnerabilities. Finally, we'll discuss where we could go from here to make Android, and the entire computer industry, safer.