Been too busy to post my impressions about BlackHat until now. Here's what I came away with from last week's security briefings in Vegas:
1. Rootkits and VMware - Rootkits are now taking a new twist and using virtual machines to cover their tracks. There's no way to detect rootkits and malware downloaded through virtual machines except to look for latency in application executions, which take longer in virtual mode. No vendor products are doing this. And every operating system that can run virtual mode, including Vista (Microsoft's new Beta), is susceptible.
2. A sense of doom - Everyone I talked to expressed uneasiness around the overwhelming risks associated with Internet computing. Fears ranging from infrastructure collapse to the demise of e-commerce were being voiced by security experts from Fortune 500 companies, consultancies, security vendors and hacker groups who spoke with me during the conference. This level of openly-spoken concern has not been present at conferences past.
What does this all mean? It means that businesses moving all their critical services to Internet computing better have a backup plan. Otherwise, we're headed for global chaos.