A presentation on how to be the first to exploit new flaws in Web server software was deemed "just as cool for white hats as for black hats" attending the Defcon 12 conference here over the weekend. The session offered new tools, as well as insight into the mindset of the so-called black hat, or malicious hacker, community, said one enthusiastic attendee, who works for a security consulting company that secures Web servers for the financial sector. The two presenters, German security consultants "FX" and Halvar Flake, spoke about taking advantage of new-found holes, known as zero-day Web-based vulnerability exploitation.
Finding vulnerabilities to exploit is real work, the presenters said. The large, packed crowd listened to them talk about "making script kiddies into real hackers," referring to novice hacker wannabes who simply use other hackers' tools to deface Web sites. The pair outlined the procedural steps of drilling down and finding Web server weaknesses--effectively offering tips to those who want to do so, but also providing knowledgeable warning to those who guard against such action.
News source: PCWorld.com