There’s nothing like attendance at the annual Black Hat and Def Con security/hacker conferences to hike your paranoia into the red zone and keep it there forever.
You come away with the sense that nothing, anywhere, ever, is safe–and that’s just from talks given by people willing to publicize their work. Compared to the secret legions of the NSA and other governments’ equivalents, and invisible armies of mercenary black-hats selling zero-day exploits to the highest bidder, Def Con may well only be the iceberg’s tip.
What follows is a brief and highly subjective summary of the talks that people seemed to be talking about most, and/or the ones I found most interesting:
A seriously ill wind blows some good news for BlackBerry
Alex Stamos warned the world of a potential Cryptopocalypse: the RSA encryption algorithm, which is “by far the most widely used public-key cryptosystem in the world,” may be killed by math within the next five years, along with the standard Diffie-Hellman key-exchange protocol. A viable alternative is available — but guess what? Many of its crucial patents are owned by none other than everyone’s favorite crippled dinosaur, BlackBerry.
HTTPS isn’t really so S
Even if some bright mathematician doesn’t destroy online security as we know it, HTTPS still has plenty of other vulnerabilities. The BREACH exploit can use a vulnerability in compression algorithms to pluck email addresses and other data from encrypted connections. A fake termination of a TLS session (note to power users: what you’ve been calling SSL has probably really been TLS for some time now) can lead to the hijacking of a Gmail session (for five minutes) or an Outlook one (for much longer). Oh, yeah, and client-side TLS sessions appear to be vulnerable too.
The secret computer inside your phone
There are more than 7 billion SIM cards out there, including, probably, the one in yours. Did you know that each one is a tiny little computer in its own right, is under the complete control of your carrier, and can cause phones to make and receive calls, send and receive SMSes, open up URLs, and many other actions? Karl Koscher and Eric Butler (the creator of Firesheep) walked their audience through a great software-archaeology talk on how to program these quasi-obsolete but ubiquitous devices…which is particularly relevant in light of Karsten Nohl’s talk on how approximately 1/4 of all SIM cards in existence can be exploited via a serious security flaw.
CDMA phone? No SIM card! You’re…totally not safe either. Sorry.
Your home is not your castle