Black Hat USA 2011, ISC2 and the Shady Rat

Sunday, August 07, 2011

Boris Sverdlik


So unfortunately this year I'm not at Black Hat and/or Defcon because I went the route of self employment.

I'd like to say that I enjoy being at the mercy of my clients, but that's neither here nor there.

Fortunately for me, I am not alone in being absent; I can sit back and watch the drama unfold on Twitter along with some of my online friends, such as Bill Brenner, who wrote a similar piece on missing out on Black Hat.


Fortunately for us, some of the talks are being streamed live via the Blackhat Uplink which is being run by

While I find it amusing that a Security Conference is being hosted by a company that passes the username in plain text within the context of the URL:

(;F:US!100&ShowName=Black%20Hat%20Uplink%20Presents%20 Black%20Hat%20USA%202011&UserName=Boris%20Sverdlik&PreviousLoginCount)

I do appreciate the effort.
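An added example, not code from the post or from the Uplink vendor, to make the point above concrete: identity data placed in a URL query string is written to browser history, web-server and proxy access logs, and the Referer header, so a defender wants both a check that flags it and a scrubber for the logs. The sample URL, its host and its values are constructed placeholders modelled on the fragment quoted above.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample URL modelled on the Uplink link quoted above; the host is a placeholder
# and the values are made up, since the post shows only a fragment of the real query string.
SAMPLE_URL = ("https://uplink.example.invalid/player"
              "?ShowName=Black%20Hat%20USA%202011&UserName=Boris%20Sverdlik&PreviousLoginCount=3")

# Query keys that name a person or an account. Anything under these keys ends up in browser
# history, in web-server and proxy access logs, and in the Referer header sent to third parties.
IDENTITY_KEYS = {"username", "user", "userid", "email", "login", "previouslogincount"}


def sensitive_query_params(url: str) -> dict:
    """Return {key: decoded value} for each query parameter that carries identity data."""
    query = urlsplit(url).query
    return {k: v for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in IDENTITY_KEYS}


def redact_query(url: str) -> str:
    """Rewrite the URL with identity parameters blanked, as an access-log scrubber would."""
    parts = urlsplit(url)
    scrubbed = [(k, "REDACTED" if k.lower() in IDENTITY_KEYS else v)
                for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(scrubbed)))


if __name__ == "__main__":
    print(sensitive_query_params(SAMPLE_URL))
    print(redact_query(SAMPLE_URL))
```

The same check can be pointed at a proxy log to find which other applications leak account names the same way.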

So with Black Hat ending today and the real festivities about to begin, it's interesting to see just how mainstream the venue has become. I missed most of the talks yesterday, so I can't speak to them for the most part.

Of course, what con would be complete without the proverbial initial prank? This year's pranks start with a fire alarm going off during the first track... Security be warned, you have a "hacker" amongst you who in his spare time at the conference will be messing with your systems. We are not reacting, because it's nothing new.

I did catch a few minutes of Macs in the Age of the APT by ALEX STAMOS + AARON GRATTAFIORI + TOM DANIELS + PAUL YOUN + B.J. ORVIS. I do have a real problem with the use of APT. Macs are just as susceptible as any other OS. WTF does APT mean here? Let's move on… Kaminsky has gone the corporate route (shirt & tie) since his validation of DNSSEC.

I'll leave DNSSEC for a later time, as I'm still trying to grasp why people think this is a good idea. McAfee publishes their award-winning piece on Operation Shady Rat, using terms like Cyber and APT across the board.

Needless to say, all of the data is relatively old (in security terms, 8 months is ancient history). Just more evidence of the incompetence of a good chunk of these so-called security professionals we rely on to reduce our exposure. The attacks outlined within the document are not advanced to any extent.

These are the types of attacks that for the most part should be considered low hanging fruit, but the "Security Pros" aka Mr CISSP tasked with Risk Management, are oblivious to them.

J. Oquendo wrote a very interesting piece expanding on this titled "That Shady Rat was Only a Security Peer". Symantec has its own piece on this uber-sophisticated attack and dives deeper into the attack flow.

Apparently Vanity Fair does security reporting as well these days, as they also have a piece speaking for the most part to the attention that the report has gotten as well as an interesting tidbit of information.

"Shady rat’s command-and-control server is still operating, and some organizations, including the World Anti-doping Agency, were still under attack as of last month. (As of Tuesday, according to a WADA spokesman, the group was unaware of any breach, but “WADA is investigating” McAfee’s discovery.)"

Since we are talking McAfee, we should probably also touch on their excellent marketing plan... Babes and Motorcycles...

While there has been plenty of controversy on the intertubez about this, I personally do not see anything wrong with it. Formula One and other major companies have always used sex to sell.

Information Security is a funny animal: in what other industry can you mass-market something that does absolutely nothing and have the product sell itself due to marketing? Why wouldn't you throw sex into the mix? All I can say is... RIGHT ON McAfee, next year get Unicorns with Boobs!

With that said, I'd like to take a minute to review the talks I did get to watch... First up. Chris Paget... I have followed Chris's work since seeing some videos from ShmooCon 2009 on RFID and his earlier GSM Hacking.

I'm unsure why he would submit "Microsoft Vista: NDA-less The Good, The Bad, and The Ugly" as a Black Hat topic. Vista for the most part is dead; if it hasn't been completely killed off yet, then someone should get the thermite. This would have made a great white paper, but a talk after user-accepted EOL, not so much. Oh, and Chris… this had to have been the funniest moment of the entire cast. Were you shocked or awed? :)

Next up: Staring into the Abyss: The Dark Side of Security and Professional Intelligence by Richard Thieme

All I can say is wow… what a speaker, no slides, no bullfrak. I haven't been so wrapped up in a talk in a long time. Every security professional should sit down and hear him speak on the generic misnomers that have been going around our industry like wildfire lately.

The physical borders that previously separated countries have been knocked down by globalization. Time to start thinking that way. I'm ordering his book Mind Games.

Last up: WORKSHOP - Infosec 2021: A Career Odyssey by Lee Kushner & Mike Murray

While I have met Lee before and have worked with him on a few opportunities, I am somewhat conflicted about this presentation. We all know the HR Drones are trained to use CISSP as a requirement for even the most basic IT Security position.

Instead of giving a presentation on what we already know, how about going out and citing real world examples of what security professionals do and how the certification does not apply directly to their roles.

I have been in information security/risk management for over a decade and on the management side of the house for the last five years or so. I cringe every time I see a job req for the hands-on security types where the requirements outline a CISSP.

Did you know that everyone in that room who raised a hand when asked if they are a CISSP is, according to Dorsey Morrow, in violation of the Ethics agreement? I'm not knocking the full presentation, as it got better towards the end, but come on... this is nothing new. Oh, and Dorsey, I know you're reading this. F ISC2.

Cross-posted from Jaded Security
