Black Hat USA 2015 is right around the corner and it’s time to start planning which briefings to attend.
Here at Venafi, we’re interested in sessions on protecting cryptographic keys and digital certificates. Keys and certificates are the foundation of online trust, but cybercriminals, hacktivists, and nation states are misusing them to gain unauthorized access and hide their actions.
Venafi and Blue Coat security experts will be conducting cybersecurity briefings that cover 3 different cybersecurity topics and, if you register in advance for a session, you’ll receive a $30 Amazon gift card when you attend. We have also identified other sessions that impact key and certificate security. Check out these briefings we’ve added to our dance card for this year’s Black Hat.
Venafi Cybersecurity Briefings
- Your Threat Detection Strategy is Only 50% Effective
While SSL/TLS provides privacy and authentication, it also creates a blind spot for enterprise security. Most organizations lack the ability to decrypt and inspect SSL traffic and bad guys are taking full advantage. This session, co-presented with Blue Coat, provides guidance on how SSL/TLS impacts security controls and how you can eliminate security blind spots. Register here.
- Advanced Attacks, Encryption, & Certificate Reputation
As private encryption keys are now sold on the underground marketplace for circa $1000 each, it has become easy for hackers to breach even the most security-conscious organizations. This session demonstrates how certificate reputation services are designed to identify and stop certificate misuse globally. Register here.
- Are Certificate-related Outages Impacting Your Business?
We rely on digital certificates and cryptographic keys for data protection and authentication. But as security instruments, certificates can, and do, expire, bringing down systems and blocking access to servers, websites, and potentially dozens of critical downstream services. Attend and learn how to eliminate outages caused by expired certificates and reduce your security risks. Register here.
All registered attendees for Venafi briefings will also have a chance to win a $100 Amazon gift card per session. To check out what else Venafi is doing at Black Hat, visit Venafi.com/BH2015.
At Black Hat, we also want to hear what other thought leaders have to say about ensuring keys and certificates remain secure and continue to enable online trust. We’re looking forward to the following sessions:
- Back Doors and Front Doors Breaking the Unbreakable System
Governments are demanding backdoor access to encrypted data to support criminal and national security investigations, but this is opposed by privacy advocates. This briefing discusses whether government agencies could be given backdoor access to encrypted data without weakening encryption systems.
- Breaking HTTPS with BGP Hijacking
Many believe BGP hijacking is not a significant threat, because the resulting man-in-the-middle attack cannot decrypt or break into an encrypted connection. But this briefing will show how the trust that SSL/TLS PKI places in internet routing can be exploited and how to prevent it.
- Faux Disk Encryption: Realities of Secure Storage on Mobile Devices
With the number of mobile users now surpassing the number of desktop users, this briefing discusses mobile device security and how it must go beyond full-disk encryption to protect against most attack types. The session will present other secure storage techniques for both iOS and Android.
- Certifi-gate: Front-Door Access to Pwning Millions of Androids
Learn how a vulnerability within the Android customization chain can be exploited to access unsecure apps and gain access to any device. This will include information on how hash collisions, IPC abuse, and certificate forging can grant malware complete control of a device.
- TrustKit: Code Injection on iOS 8 for the Greater Good
See how TrustKit, a new open-source library for iOS, provides universal SSL public key pinning that the developers call “drag & drop SSL pinning.” This open-source library leverages new iOS 8 rules regarding dynamic linking and will be available for deployment by attendees.
- Bringing a Cannon to a Knife Fight
Bulletproof yourself against China’s Great Cannon, which intercepts traffic as a man-in-the-middle proxy and turns global visitors to Chinese sites into the world’s largest botnet, one that carries out attacks on sites deemed a threat to the Chinese Communist Party. Learn how the Great Cannon works, about the timing of its release, why it was used to attack the GitHub repos, and how it will change as HTTPS and DNSSEC become more widely used.
Are there other sessions at Black Hat that address cryptographic keys and digital certificates that you plan to attend? Thoughts about any of these upcoming briefings? Drop me a comment.