Black Hat in D.C. just ended two days ago. It’s a unique organization and a very unique meeting. By working at many levels within the corporate, government, and underground communities, Black Hat provides a forum for the newest vulnerabilities, defense mechanisms, and industry trends. Research presented at each event draws tons of coverage and controversies. And if you are assuming that Black Hatters are a lot of know-it-all, look-what-I-know geeks, well, so you know.
But there are some interesting presentations. For example: A researcher with expertise in hacking hardware Tuesday detailed how it’s possible to subvert the security of a processor used to protect computers, smartcards and even Microsoft’s Xbox 360 gaming system. A researcher at Flylogic Engineering said he has hacked an Infineon SLE 66 CL PC processor that is also used with Trusted Platform Module (TPM) chips. He emphasized that his research shows TPM, which was developed as an industry specification for hardware-based computer security by the Trusted Computing Group and has been implemented in hardware by Infineon and other manufacturers, is not as secure as presumed. TPM can be used for a wide variety of purposes, including storage of encryption keys and is used with Microsoft’s BitLocker encryption technology. The researcher’s method, as he described it, entailed jumping the wire into the internal circuitry of the Infineon chips to create a bypass into the core. The researcher acknowledged it took him six months to figure out how to effectively penetrate it, which required bypassing circuitry on chips he purchased inexpensively from Chinese manufacturers. Wow. Not as secure as presumed! But wait a minute…unprotected Xboxes?
Security Magazine has informative convergence articles. Keyword search at www.securitymagazine.com