July 27, 2010, 11:45 AM — Trying to predict the big news at this week's Black Hat and Defcon conferences is extremely tricky, if not impossible. Usually the most interesting stories pop up at the very last minute -- hackers tend to hold off on disclosing the really big talks because they don't want jittery lawyers to shut them down. And even when you think you know what's going on, sometimes one of the shows steps forward to take center stage, as Defcon did three years ago when Dateline NBC reporter Michelle Madigan was run out of the conference for trying to secretly film show attendees.
Black Hat, the more corporate event, and its unruly sister conference, Defcon, are held one after the other each year in Las Vegas. This year's Black Hat conference is on Wednesday and Thursday. Defcon runs Friday through Sunday.
So expect some chaos this week in Las Vegas. Expect some surprises. If you're attending, expect a hangover. But also look out for some interesting security stories on these topics:
1) Hitting the ATM Jackpot
This year's most-anticipated talk comes from Barnaby Jack, formerly of Juniper Networks. Jack has been toying around with ATMs (automated teller machines) for the past few years and is ready to talk about some of the bugs he's found in the products. We don't yet know whose ATMs are vulnerable -- or even if the manufacturers will be disclosed -- but ATMs are a green field for vulnerability researchers.
Black Hat conference director Jeff Moss says the work on ATM bugs is reminiscent of the voting machine research that came out a few years ago -- which showed serious security vulnerabilities in the systems and caused many government agencies to rethink the way they were rolling out e-voting.
Jack's talk is controversial. Juniper pulled it at the last minute ahead of last year's Black Hat conference, at the request of ATM makers. But Jack, now working for a new company, IOActive, plans to show several new ways of attacking ATMs, including remote attacks. He will also reveal what he calls a "multi-platform ATM rootkit," according to a description of his talk.
"I've always liked the scene in 'Terminator 2' where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat," Jack writes in his abstract.