Computer Hacking Tips from Experts at Software Security Conference - Part 2

by Sarah Cortes - Experts combined practical tips on securing your smartphone, website and mobile applications with esoteric technical presentations on "Secrets Of Static Binary Analysis" and "The Perils of JavaScript APIs" at the Boston Application Security Conference ("BASC") last Saturday. BASC is part of OWASP, the Open Web Application Security Project. OWASP describes itself as a "worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license."

Members of OWASP include ethical computer hackers, also called "white hat" hackers. White hats identify and penetrate computer vulnerabilities in order to help make computers more secure overall. White hats contrast with "black hat" hackers who attack computers maliciously or for profit, and "grey hats" who are somewhere in between.

Software programmers learned the "OWASP Mobile Top 10 Risks" from Zach Lanier, an Intrepidus consultant. Zach brought the term "insecure data storage" to life with a vivid demonstration of the actual Java code often underlying those helpful "Remember Me!" buttons conveniently located next to most ID/password credential input frames. The Java constant `MODE_WORLD_READABLE` with which your supposedly private password is labeled is like advertising it to the world.
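To make the "Remember Me!" point concrete, here is an added example (written for this article, not code shown by Lanier or taken from any OWASP material) of the Android `SharedPreferences` pattern he described, with the world-readable storage beside a private alternative. The preference file name, key names and method names are assumptions chosen for illustration.

```java
import android.content.Context;
import android.content.SharedPreferences;

/**
 * Added example, not from the article: how a "Remember Me!" feature leaks
 * credentials through file permissions, and the minimal hardening.
 */
public final class RememberMeStorage {
    // Constructed preference file name; the real app would have its own.
    private static final String PREFS = "login_prefs";

    /**
     * Vulnerable: MODE_WORLD_READABLE sets the other-read bit on the XML file
     * under /data/data/<package>/shared_prefs/, so every other app on the
     * device can read the stored password. (The flag is deprecated and
     * throws SecurityException on Android 7.0 / API 24 and later.)
     */
    public static void rememberInsecurely(Context ctx, String user, String password) {
        SharedPreferences prefs =
                ctx.getSharedPreferences(PREFS, Context.MODE_WORLD_READABLE);
        prefs.edit()
             .putString("user", user)
             .putString("password", password)   // plaintext credential on disk
             .apply();
    }

    /**
     * Hardened: MODE_PRIVATE keeps the file readable only by this app's UID,
     * and a revocable session token is stored instead of the password itself,
     * so a leak of the file does not hand over the account credential.
     */
    public static void rememberSafely(Context ctx, String user, String sessionToken) {
        SharedPreferences prefs =
                ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        prefs.edit()
             .putString("user", user)
             .putString("session_token", sessionToken)
             .apply();
    }

    /** Reads back the remembered user, or null if nothing was stored. */
    public static String rememberedUser(Context ctx) {
        return ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
                  .getString("user", null);
    }
}
```

The check a reviewer wants is cheap: on a debuggable build, list the app's `shared_prefs` directory and confirm no file carries read permission for "others"; any `MODE_WORLD_READABLE` or `MODE_WORLD_WRITEABLE` in the source is a finding in itself. Storing a token rather than the password also limits the damage window to the token's lifetime.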

Lanier also reminded attendees that Google client logins have been discovered to be easily detectable, which means anyone with simple and easily available software tools can pick up all your Google information, and even alter it without detection.

L0pht researcher and Veracode co-founder Christien Rioux addressed the crowd on Static Binary Analysis techniques. Binary code analysis involves looking at the machine-readable version of software to discover changes that may be maliciously induced when the code is transformed from its human-readable version at runtime. Malware and viruses can make use of this transformation to conceal their presence in the human-readable code, to avoid detection until runtime. L0pht Heavy Industries was a famous Boston-based hacker collective in the late 1990s. It eventually produced the widely-used L0pht password cracker, a hacking tool. Members of L0pht testified before the US Congress on May 19, 1998 that, in 30 minutes, they "could make the entire Internet unusable for a couple of days."

Other speakers included Jack Daniel of Tenable, Rob Cheyne of Safelight, who delivered the keynote speech, and Andrew Wilson of Trustwave SpiderLabs.

Comments

Wow, I did not know that "white hats" exist. This is really very good to know. I hope that they can continue to find vulnerabilities and that they can reign supreme over the bad hackers.