A lot of people wonder why we come to Black Hat.  Well the first reason is to meet face to face with security researchers, both those that work with us as well as those who may disagree with us on philosophical points, to show them the MSRC appreaciates the work they do to help us protect our customers.  To that end we've been meeting and talking with researchers even before the first sessions started. The second reason we attend is our own education by attending the briefing sessions.  I'm still in the middle of the afternoon sessions but wanted to discuss some of the earlier sessions from this morning.  The first one I attended was David Litchfield's presentation following the opening keynote.  David went over a detailed history and methodology around Structured Query Language (SQL) injection attacks in a variety of different database software.  He also covered in detail verifying the application of Oracle software updates.  Unfortunately the sound was bit off at first but David is a pretty good presenter and the information was instructive.

The next session was Dan Kaminsky's "Black Ops" session.  He covered some pretty interesting individual topics involving IP fragmentation and DNS poisoning scenarios, and knit them together to show how a lot of common practices (like auto-shunning suspected attackers) can have unintended consequences (such as potentially fingerprinting your firewall rule sets, or accidentally disrupting your DNS resolution if you shun a root server!)  Dan's another interesting presenter, and unlike a lot of technical presentations his contains the right dose of humor. 

We got a chance to break for lunch after that (have I mentioned it's HOT here?) We'll have some more updates soon from other members of the MSRC.

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*