There’s nothing like attendance at the annual Black Hat and Def Con security/hacker conferences to hike your paranoia into the red zone and keep it there forever.
You come away with the sense that nothing, anywhere, ever, is safe–and that’s just from talks given by people willing to publicize their work. Compared to the secret legions of the NSA and other governments’ equivalents, and invisible armies of mercenary black-hats selling zero-day exploits to the highest bidder, Def Con may well only be the iceberg’s tip.
What follows is a brief and highly subjective summary of the talks that people seemed to be talking about most, and/or the ones I found most interesting:
A seriously ill wind blows some good news for BlackBerry
Alex Stamos warned the world of a potential Cryptopocalypse: the RSA encryption algorithm, which is “by far the most widely used public-key cryptosystem in the world,” may be killed by math within the next five years, along with the standard Diffie-Hellman key-exchange protocol. A viable alternative is available — but guess what? Many of its crucial patents are owned by none other than everyone’s favorite crippled dinosaur, BlackBerry.
HTTPS isn’t really so S
Even if some bright mathematician doesn’t destroy online security as we know it, HTTPS still has plenty of other vulnerabilities. The BREACH exploit can use a vulnerability in compression algorithms to pluck email addresses and other data from encrypted connections. A fake termination of a TLS session (note to power users; what you’ve been calling SSL has probably really been TLS for some time now) can lead to the hijacking of a Gmail session (for five minutes) or an Outlook one (for much longer.) Oh, yeah, and client-side TLS sessions appear to be vulnerable too.
The secret computer inside your phone
There are more than 7 billion SIM cards out there, including, probably, the one in yours. Did you know that each one is a tiny little computer in its own right, is under the complete control of your carrier, and can cause phones to make and receive calls, send and receive SMSes, open up URLs, and many other actions? Karl Koscher and Eric Butler (the creator of Firesheep) walked their audience through a great software-archaeology talk on how to program these quasi-obsolete but ubiquitous devices…which is particularly relevant in light of Karsten Nohl’s talk on how approximately 1/4 of all SIM cards in existence can be exploited via a serious security flaw.
CDMA phone? No SIM card! You’re…totally not safe either. Sorry.
Your home is not your castle