Black Hat 2008 Day 1 ? Phishers posting credit card info for all to see and a new DNS cache poisoning trick
Bad Sushi: Beating Phishers at their own game - Excellent session that went into detail on how phishers think, act, and make a profit. Nitesh Dhanjani and Billy Rios (the speakers) showed us how phishers create sites, share info and code, and basically are lazy. I will definitely be blogging on this subject in more detail in the coming days but the highlights were that Phishers are storing their stolen data (credit card numbers, SSNs, ATM cards with Pins, etc) on websites that they have hacked into or on sites like guestbooks.
Leveraging the edge: Abusing SSLVPNs (Michael Zusman) ? Michael started his talk by detailing how he was able to purchase a certificate from a major CA with a FQDN of an existing fortune 500 company?s website!