The morning started here with a miserable fact that seems to be a daily occurence. A drastic rationing of coffee. Now that the Black Hat conference has been picked up by CMP Media there are some cost cutting measures in evidence. The monsterous document that used to be provided in the conference bag is nowhere to be found. This, is a small blessing. I hated lugging that monster around and I’m sure the forests would breathe a sigh of relief.
The first session that I sat in was David Litchfield’s presentation on TBA. He had entitled it that for the simple reason that he was up until the wee hours finishing off the slides. Par for the course by his own admission. His presentation focused around the security problems with the Informix database. There was a noticable disappointment among attendees as they had been half expecting a slammer-esque announcement like the one in 2002. The install base of Informix is roughly 1% of the databases deployed in the world according to Litchfield. He will be posting rougly 20+ security advisories for Informix tomorrow. A top notch presentation.
The biggest problem that confronts companies today is database security. A source familiar with a rash of credit card thefts from companies recently said that most of these problems revolve around SQL injection attacks. Of his head butting with Oracle, Litchfield had this to say, “stop the bitching and get on with fixing”.
Next up was a standing room only presentation for the Metasploit framework. Saumil Shah, CEO of Netsquared, presented a run though of the 2.6 version of the Metasploit Framework. The heat in the room became oppressive and I had to slip out half way through but, not before discovering that the beta version of Metasploit v3 will most likely be released later today. The quote of the conference came from Saumil when he was attepting to run the demo and hold a microphone. “I’m not in the habit of typing with one hand” at which point the audience blew up laughing.
Now, back into the fray. Not before I find a f***ing cup of coffee.
[tags]David Litchfield, Informix Vulnerabilites, Black Hat, SQL Injection, Saumil Shah, Metasploit Framework[/tags]