There’s nothing like attendance at the annual Black Hat and Def Con security/hacker conferences to hike your paranoia into the red zone and keep it there forever.
You come away with the sense that nothing, anywhere, ever, is safe–and that’s just from talks given by people willing to publicize their work. Compared to the secret legions of the NSA and other governments’ equivalents, and invisible armies of mercenary black-hats selling zero-day exploits to the highest bidder, Def Con may well only be the iceberg’s tip.
What follows is a brief and highly subjective summary of the talks that people seemed to be talking about most, and/or the ones I found most interesting:
A seriously ill wind blows some good news for BlackBerry
Alex Stamos warned the world of a potential Cryptopocalypse: the RSA encryption algorithm, which is “by far the most widely used public-key cryptosystem in the world,” may be killed by math within the next five years, along with the standard Diffie-Hellman key-exchange protocol. A viable alternative is available — but guess what? Many of its crucial patents are owned by none other than everyone’s favorite crippled dinosaur, BlackBerry.
HTTPS isn’t really so S
Even if some bright mathematician doesn’t destroy online security as we know it, HTTPS still has plenty of other vulnerabilities. The BREACH exploit can use a vulnerability in compression algorithms to pluck email addresses and other data from encrypted connections. A fake termination of a TLS session (note to power users: what you’ve been calling SSL has probably really been TLS for some time now) can lead to the hijacking of a Gmail session (for five minutes) or an Outlook one (for much longer). Oh, yeah, and client-side TLS sessions appear to be vulnerable too.
The secret computer inside your phone
There are more than 7 billion SIM cards out there, including, probably, the one in yours. Did you know that each one is a tiny little computer in its own right, is under the complete control of your carrier, and can cause phones to make and receive calls, send and receive SMSes, open up URLs, and many other actions? Karl Koscher and Eric Butler (the creator of Firesheep) walked their audience through a great software-archaeology talk on how to program these quasi-obsolete but ubiquitous devices…which is particularly relevant in light of Karsten Nohl’s talk on how approximately 1/4 of all SIM cards in existence can be exploited via a serious security flaw.
CDMA phone? No SIM card! You’re…totally not safe either. Sorry.
Your home is not your castle