B-Sides

Attendees at DEFCON

Hacker Summer Camp: Security Cons Blossom In The Desert

The mercury is expected to top 104 degrees Fahrenheit (40 C) in Las Vegas next week. And that could mean only one thing: it’s conference time for some of the world’s top computer hackers.   Indeed, next week brings the 22nd installment of the DEFCON hacker conference in Las Vegas, and the 18th of Black Hat, DEFCON’s younger, more straight-lace sibling. But, while Black Hat and DEFCON are still the main attraction on the Las Vegas strip, they’re hardly the only shows in town. B-Sides Las Vegas, an alternative mini-con, is in its fifth year and is attracting many of the “cool kids” in the security community to do presentations and demos on Tuesday and Wednesday, August 5 and 6th over at the Tuscan Suites and Casino. Running alongside B-Sides is Passwords 14, a conference that started in Norway and is in its second year on U.S. soil. As its name would […]

Continue Reading
The Security Ledger podcast

This Week In Security: Poking Holes In Two Factor Authentication

It was another busy week in the security world. There was big news on the legal front, as The U.S. Supreme Court took steps to protect the data stored on mobile devices from warrantless searches by police. (That’s good news.) But the week also plenty of concerning stories about the security of data stored on mobile phones, tablets and the like. One of the stories that gained a lot of attention was DUO Security’s report on a flaw in PayPal’s two factor authentication feature that could expose the accounts of  security-conscious PayPal users. As The Security Ledger reported, DUO researcher Zach Lanier discovered a flaw in mobile APIs published by PayPal that would allow anyone with a valid PayPal user name and password to sidestep two-factor authentication when accessing PayPal accounts that had that option enabled. After DUO went public with information on the flaw, PayPal disabled two factor authentication […]

Continue Reading
BuilditSecurely

Vulnerabilities Lurking Far And Wide In IoT Ecosystem

The Internet of Things (IoT) promises to revolutionize the way people live and work. But while the media’s attention is focused on high-profile Internet of Things firms like NEST, the smart-home products vendor that Google acquired for more than $3 billion last month, much of the innovation in IoT – at least in the consumer market – is a bottom-up, grass roots phenomenon. Quietly, the combination of ready-made components, point and click development environments and cloud based back end management tools has enabled an army of (mostly) novice developers to assemble novel, connected products for a public enraptured with the idea of using their mobile devices to control something — anything. At the same time, crowd-funding platforms like Kickstarter and Indiegogo have created a platform for products to get funded and distributed to hundreds, thousands or even tens of thousands of customers – once a monumental task.  That’s great for the […]

Continue Reading
The Show Floor at RSA

Snowden RSA Controversy Just One Of Many Facing Security Industry

In a little more than a week, executives from world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance. In December, Reuters broke the story that, among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA, the security division of EMC, has denied the allegations that it accepted the money while knowing that […]

Continue Reading
UAV Used For Oil Exploration

Future Will Bring More Drones, More Drone Hacks

Unmanned Aerial Vehicles, or UAVs (aka “drones”) are evolving – and fast. Just within the last five years, drones have morphed from stealthy and secretive military gear used for hunting down terrorists in the hills of Afghanistan and Yemen, to widely available consumer technology. The “consumerization” of UAV technology has  created a lot of opportunities for Cool! – like this video of a UAV flying over (and almost in to) Niagra Falls. But it has also led to some problems. In March, a UAV “quadrcopter” came within a couple hundred feet of striking an Alitalia flight trying to land at JFK Airport in New York. More concerning: the FAA is set to license tens of thousands of drones for use over the U.S., many by law enforcement or private security firms. That has prompted warnings about a huge breach of privacy for U.S. citizens. But one security researcher warns that […]

Continue Reading
1 2