There’s nothing like attendance at the annual Black Hat and Def Con security/hacker conferences to hike your paranoia into the red zone and keep it there forever.
You come away with the sense that nothing, anywhere, ever, is safe–and that’s just from talks given by people willing to publicize their work. Compared to the secret legions of the NSA and other governments’ equivalents, and invisible armies of mercenary black-hats selling zero-day exploits to the highest bidder, Def Con may well only be the iceberg’s tip.
What follows is a brief and highly subjective summary of the talks that people seemed to be talking about most, and/or the ones I found most interesting:
A seriously ill wind blows some good news for BlackBerry
Alex Stamos warned the world of a potential Cryptopocalypse: the RSA encryption algorithm, which is “by far the most widely used public-key cryptosystem in the world,” may be killed by math within the next five years, along with the standard Diffie-Hellman key-exchange protocol. A viable alternative is available — but guess what? Many of its crucial patents are owned by none other than everyone’s favorite crippled dinosaur, BlackBerry.
HTTPS isn’t really so S
Even if some bright mathematician doesn’t destroy online security as we know it, HTTPS still has plenty of other vulnerabilities. The BREACH exploit can use a vulnerability in compression algorithms to pluck email addresses and other data from encrypted connections. A fake termination of a TLS session (note to power users: what you’ve been calling SSL has probably really been TLS for some time now) can lead to the hijacking of a Gmail session (for five minutes) or an Outlook one (for much longer). Oh, yeah, and client-side TLS sessions appear to be vulnerable too.
The secret computer inside your phone
There are more than 7 billion SIM cards out there, including, probably, the one in yours. Did you know that each one is a tiny little computer in its own right, is under the complete control of your carrier, and can cause phones to make and receive calls, send and receive SMSes, open up URLs, and many other actions? Karl Koscher and Eric Butler (the creator of Firesheep) walked their audience through a great software-archaeology talk on how to program these quasi-obsolete but ubiquitous devices…which is particularly relevant in light of Karsten Nohl’s talk on how approximately 1/4 of all SIM cards in existence can be exploited via a serious security flaw.
CDMA phone? No SIM card! You’re…totally not safe either. Sorry.
Your home is not your castle