Black Hat USA and DEFCON in Las Vegas are amongst the biggest IT security conferences in the world. This year Walter Sprenger and I had the opportunity to attend. Both events have been very interesting on their own merits. Whereas Black Hat is more directed towards the corporate IT users, DEFCON addresses the security geeks. For me Black Hat had the most interesting presentations and DEFCON proofed to be the better place to network with people.

The biggest topics this year at Black Hat were VoIP security, Windows Vista security and all flavors of phishing attacks (Phishing, Vishing, SMiShing). As users grow aware of e-mail based phishing they are likely to fall victim to phishing originating from other communication channels. Although web application security has been top agenda for IT security professionals for years, the situation does not seem to improve but rather worsens: Cross-Site Scripting based worms and Intranet attacks are the new kids on the block. With the large adoption of the AJAX concept new opportunities for attacks will arise. Interesting are the new advances in attacking WLANs and Bluetooth devices. At the DEFCON talks reverse engineering and privacy issues were the main topics. Of course the fun factor with all the contests (CTF, warwalking, lock picking, beverage cooling) has its own charm.

Walter and I have put together a document with the latest IT security trends (5.2 MB) we have picked up at the conferences. Some pictures have been added to give you an impression of both events. See the Black Hat USA 2006 and the DEFCON 14 proceedings for further details.

*** This is a Security Bloggers Network syndicated blog from iplosion security authored by jan.monsch. Read the original post at: http://www.iplosion.com/archives/56