Simple Solutions to Complex Problems from the Lazy Hackers Handbook: What Your Security Vendor Doesnt Want You to Know presented at BlackHatDC 2007

by David Maynor, Robert Graham,


Summary : Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems arent fading away like predicted. Whats a security person to do? Take a lesson from your adversary.
Hackers are famous for being lazythats why theyre hackers instead of productive members of society. They want to find new and interesting shortcuts to a quick payoff with minimal effort. Or, they look at a protocol designed by committee and find all the issues that never got a vote. Why not use the same enterprising approach to a quick and easy victory in the security arms race against them?
Stop dialing the phone to your security vendor and pay attention. This talk will shine light on simple methods to fix complex problems that your security vendor doesnt want you to know about.
Problems that will be addressed are:
How to take care of client side exploits with ease.
Find tons of 0day by letting someone else do the all the work.
Employ simple measures to keep a wireless network key secure.
All this without buying ANOTHER product! If you are drowning in problems, this talk could be just the lifeline you need.