
A Look Back at Black Hat: Staying True to its Roots, But Never the Same without Barnaby Jack

August 9, 2013 — by Jon Garside

Black Hat has come and gone again, the swag has been dispersed, the livers are recovering and delegates are returning to their normal lives with new ideas and newfound fears. My colleagues will be reporting on their findings, but I wanted to just touch on a few highlights of the conference, some sadness and talk about the value of research.

Barnaby Jack – we missed and continue to miss you. I did not think Black Hat would be the same without him, and I was proved sadly right – he has left an untimely void. My blog post about his death got stuck in an editing hole, so I am including it here.

Barnaby Jack. Equal parts intelligent, eloquent and mischievous. Many of us thought news of his death was a hoax – he has been at the center of a few – but sadly the news was true. His research was meticulous, his presentations entertaining; he was, to so many, an inspiration. Tales of taking ATMs across California and Nevada for his Black Hat presentation had an aura of Hunter S. Thompson about them. So this year, while we were there, many of us, including the Radware Research Team, raised a glass (or three) to him and our shared memories of this remarkable individual. Like many others, I do hope his most recent work is ultimately published. Stars are brightest in their final moments, and so I must imagine it will be with Barnaby’s research.

Highlight number one had to be the timely appearance of National Security Agency director General Keith Alexander. With PRISM still in our collective short-term memory and Edward Snowden gaining temporary asylum in Moscow (I can give him some restaurant advice from my own visits), it takes more than bravado to turn up, but I am not allowed to use the word in the corporate blog. It also took a team of federal agents large enough to overthrow lesser countries to make him secure enough to speak without the threat of egg throwing. Sadly, the content was fairly banal: a passable attempt at explaining away the controversy of recent weeks. My congratulations to the hacker shouting “FREEDOM” during the presentation, but it was not up to Mel Gibson’s standards.

Number two was, however, not a session but a post on the Akamai blog by Bill Brenner, “What’s New in Security? Nothing.” This was met with much discussion in the booth and with a large number of our CDN partners. I would propose to Mr. Brenner that, while it is not new, fewer organizations consider DNS flipping to be a long-term DDoS strategy, and it does nothing for low-and-slow, SSL and application-centric DDoS. Please do take a look at our very scalable ADC and DefensePro solutions, and possibly consider a POC of our Elastic WAF. (Sorry, I could not resist.)

Thirdly, the work of Karsten Nohl deserves special mention, but that is because I am a mobile fanboy. I love my life-enabling gadgets (Galaxy Nexus). His work on rooting and exploiting SIM cards is worth a read – please do.

Finally, my biggest motivation for joining Radware just two months ago was its significant R&D casino investment. It may not be DARPA money, but it’s an investment mostly in amazing people. We may have bought some really cool traffic generators for the lab as well. So why reference this? One of our researchers attended a phenomenally interesting session, “Ultimate DDoS Mitigation Bypass.” The Bloodspear Research Group put together an enthralling presentation and presented some excellent ideas. They have created a tool, Kill’em All 1.0, which supports the following features:

  • Authentication bypass (including re-authentication every X seconds capability)
  • HTTP redirect
  • HTTP cookie
  • JavaScript Challenge bypass
  • Captcha solving

All told this is a magnificent achievement, and we welcome the publishing of their data. I recommend that CSOs use this tool to test their own defenses.

Back to Black Hat though – and a message for the organizers. The event has remained true to its origins; the organizers and committees have kept the vendors out of the briefings to a greater extent than before. They are putting more scrutiny in place, and this is a good thing, but if I had a criticism, it’s that I have heard of submissions that didn’t make it this week because they were considered vendor-centric. The Bloodspear Group is putting out data and raising questions. Our research teams are industrious – we are not just working on today’s issues, we are part of the White Hat community, we are working on tomorrow’s issues. Many organizations put their researchers on pedestals – they work for vendors, but their independence is assured. We want them as individuals to be able to demonstrate their worth and intellect, to demonstrate that we can solve issues such as those shown by Bloodspear – it motivates and inspires them – but when you shackle the bird, it will not sing.

Jon Garside
