Black Hat 2007

Posted by Jean Paul Ballerini on August 07, 2007 at 7:06 PM EDT.

Las Vegas was certainly the place to be last week. BlackHat was a great show, a lot of very interesting presentations, and a lot of very interesting people. But what made it an even greater event was the feeling of validation. If you recall our May edition of Threat Insight Monthly you will notice that our report had topics very similar to that of Blackhat this year.

Virtualization

When X-Force started explaining that virtualization didn't necessarily mean security we got some strange looks. Virtualization brings many advantages but not necessarily the one of security; our research continues both in identifying vulnerabilities and in developing a technology that will protect virtualized servers in the most effective and efficient way.

VoIP

There was a whole day of presentations dedicated to this technology and the outcome has been: there is no secure VoIP. We have been repeating this for almost two years now but we won't get tired of doing it; VoIP networks need authentication and encryption in order to support integrity and confidentiality.

Web 2.0 & Application Security

Probably one of the most quoted catch words of the whole event; mainly with a touch of sarcasm. It is easily exploitable with old exploits enjoying a new youth. Applications are written quickly, without the necessary security background, without the necessary Quality Assurance, and without the necessary precautions.

I'm already looking forward to next years Black Hat.  Hope to see you there.