There’s nothing like attendance at the annual Black Hat and Def Con security/hacker conferences to hike your paranoia into the red zone and keep it there forever.
You come away with the sense that nothing, anywhere, ever, is safe–and that’s just from talks given by people willing to publicize their work. Compared to the secret legions of the NSA and other governments’ equivalents, and invisible armies of mercenary black-hats selling zero-day exploits to the highest bidder, Def Con may well only be the iceberg’s tip.
What follows is a brief and highly subjective summary of the talks that people seemed to be talking about most, and/or the ones I found most interesting:
A seriously ill wind blows some good news for BlackBerry
Alex Stamos warned the world of a potential Cryptopocalypse: the RSA encryption algorithm, which is “by far the most widely used public-key cryptosystem in the world,” may be killed by math within the next five years, along with the standard Diffie-Hellman key-exchange protocol. A viable alternative is available — but guess what? Many of its crucial patents are owned by none other than everyone’s favorite crippled dinosaur, BlackBerry.
HTTPS isn’t really so S
Even if some bright mathematician doesn’t destroy online security as we know it, HTTPS still has plenty of other vulnerabilities. The BREACH exploit can use a vulnerability in compression algorithms to pluck email addresses and other data from encrypted connections. A fake termination of a TLS session (note to power users; what you’ve been calling SSL has probably really been TLS for some time now) can lead to the hijacking of a Gmail session (for five minutes) or an Outlook one (for much longer.) Oh, yeah, and client-side TLS sessions appear to be vulnerable too.
The secret computer inside your phone
There are more than 7 billion SIM cards out there, including, probably, the one in yours. Did you know that each one is a tiny little computer in its own right, is under the complete control of your carrier, and can cause phones to make and receive calls, send and receive SMSes, open up URLs, and many other actions? Karl Koscher and Eric Butler (the creator of Firesheep) walked their audience through a great software-archaeology talk on how to program these quasi-obsolete but ubiquitous devices…which is particularly relevant in light of Karsten Nohl’s talk on how approximately 1/4 of all SIM cards in existence can be exploited via a serious security flaw.
CDMA phone? No SIM card! You’re…totally not safe either. Sorry.
Your home is not your castle