Microsoft (Nasdaq: MSFT) and San Jose, California-based Secure Computing (Nasdaq: SCUR) co-sponsored the Black Hat Briefings ’99 security conference in Las Vegas last week, focusing on computer-related security issues.
The intention behind the now annual, two-day conference is to bring corporate and government engineers and software programmers face-to-face with security experts and “underground” security specialists, aka hackers.
According to Jeff Moss, director of assessment services at Secure Computing, and founder of the Black Hat Briefings, “security issues are in the news every day, and more and more organizations are realizing the importance of their security infrastructure in enabling their e-commerce initiatives. This conference is designed for all organizations to access the leading hackers and specialists in the industry.”
Two Days and Three Tracks
This year’s Black Hat was divided into three separate “tracks” – two black hats and a white. The black hat tracks covered issues such as Computer Forensics (CF) systems, hostile mobile code, incident response, Intrusion Detection Systems (IDS), secure programming techniques, vulnerability analysis and more — all from a technical perspective.
The white hat component of the briefings was specifically designed for company executives such as CEOs and CIOs. Developed by the National Computer Security Center (NCSC), white hat featured information on how to manage a company’s security posture, addressing such issues as where to look for reliable security solutions, identifying and eliminating potential security vulnerabilities and how generally to reduce the risks of loss.
There’s More To Life, Love & Computing Than Y2K
Discussion at the conference focused on a number of issues including the potential impact of Y2K on a company’s security. “Taking a myopic approach only to the Y2K issue that does not involve diligent attention to security could lead to severe consequences,” stated Moss.
Moss commented, additionally, that “being Y2K compliant really won’t matter for much if an organization’s network is rendered ineffective by hacker attacks and intrusions.” According to a Secure Computing statement, many systems administrators are more concerned with not only Y2K issues but also network growth and updates, and may be ignoring critical security issues.
Guest speakers this year included Ira Winkler, an expert on information security and warfare, and Dr. Mudge, a security expert with L0pht, an independent online security firm. L0pht has recently issued a series of advisories involving Microsoft’s Internet Information Server (IIS) 4.0 and its Point-to-Point Tunneling Protocol (PPTP).
Attendees of the Black Hat Briefings will also be given free passes to DEFCON 7.0, known as the biggest annual hacker convention in the United States. This year’s convention has drawn more controversy than usual. Underground hacker group Cult of the Dead Cow has announced that it will release Back Orifice 2000, the latest version of its (in)famous hacker software.
The program — whose name takes an obvious shot at Microsoft — allows users to penetrate Windows-based PCs connected to the Internet. Back Orifice 2000 was made available at the convention. Security solution providers will begin work immediately analyzing the program, attempting to create a defense.