Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Black Hat USA
July 31 - August 5, 2021
Las Vegas, NV, USA
SecTor
November 4 - October 30, 2021
Toronto, ON, Canada
Black Hat Europe
November 8-11, 2021
Virtual Event
10/25/2019
11:00 AM
Black Hat Staff
Black Hat Staff
Event Updates
50%
50%

Get Up to Speed on the Latest Cryptographic Techniques at Black Hat Europe

Study the weaknesses of WPA-TKIP encryption and bone up on the most secure cryptographic APIs at Black Hat Europe.

When Black Hat Europe returns to London this December it brings with it a smorgasbord of practical cybersecurity tools and teachings, including a bunch of great Cryptography Briefings that aim to give you an edge when it comes to implementing (or cracking) encryption.

Practical Side-Channel Attacks Against WPA-TKIP promises to show you some new tricks for attacking WPA-TKIP Wi-Fi network encryption, an outdated standard now that the Wi-Fi Alliance has released the more secure WPA3 protocol. Researchers will demonstrate how WPA-TKIP is still being used on over 40% of the Wi-Fi networks they tested across the U.S., Germany, and Belgium. Expect to walk away with a much better understanding of the flaws in WPA-TKIP, and how to analyze and exploit them in your own work.

In Chain of Fools: An Exploration of Certificate Chain Validation Mishaps the folks at Duo Security will walk you through the implications of poor cryptographic API design, how insecure certificate chain validation implementations can be exploited and how widespread usage of APIs like Android SafetyNet can be found in certain verticals. You’ll also get useful advice for both implementers and cryptographic API authors, like how to choose misuse-resistant cryptographic APIs and what to do when faced with misuse-prone cryptographic primitives.

How to Break PDF Encryption promises detailed insights and results from the analysis of PDF encryption tests on 27 of the most popular PDF viewers on the market. Researchers will also demonstrate two novel techniques for breaking the confidentiality of encrypted documents and walk you through responsible identification and disclosure processes.

Get more information on these and lots of other useful content in the Briefings schedule for Black Hat Europe, which returns to The Excel in London December 2-5, 2019.

For more information on what’s happening at the event and how to register, check out the Black Hat website.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34202
PUBLISHED: 2021-06-16
There are multiple out-of-bounds vulnerabilities in some processes of D-Link AC2600(DIR-2640) 1.01B04. Ordinary permissions can be elevated to administrator permissions, resulting in local arbitrary code execution. An attacker can combine other vulnerabilities to further achieve the purpose of remot...
CVE-2021-32659
PUBLISHED: 2021-06-16
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.), any `m.room.tombs...
CVE-2020-25755
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.
CVE-2020-25754
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an una...
CVE-2020-25753
PUBLISHED: 2021-06-16
An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml.