Hacks & Hackers

Remote Car Hacks Depend On The Internal Design, Say Researchers

When purchasing your next car, you face many options. You want a good price, but also good gas mileage and perhaps an entertainment system for the kids in back. But for Dr. Charlie Miller, Twitter, and Chris Valasek, director of vehicle security research at I/OActive, the main criteria is whether or not the car is a likely candidate to be hacked. In particular they said they were interested in cars that would be more susceptible to remote hacking. Work done previously by Professor Stefan Savage along with graduate students from the University of Santa Barbara and the University of Washington used the Onboard Diagnostic port to control a car. Last year Miller and Valasek used internal wiring to gain control of their test cars. This year the pair said they wanted to take a step back and look at how cars in general communicate internally as a predictor of hacking […]

PasswordsCon Preview: Passwords Are Dead. Long Live Passwords.

I had an opportunity to sit with Per Thorsheim, co-founder of PasswordsCon about next week’s Passwords14 Conference in Las Vegas, Nevada. If you haven’t checked it out before, PasswordsCon is the world’s premiere technical conference that is just focused on the security of passwords and pin codes. PasswordsCon is a one-of-a-kind event: bringing together folks whose specialty is cracking and defeating password security with security experts whose interest is in shoring up protections for sensitive data. This year’s conference, which is sharing space with the B-Sides Las Vegas Conference on August 5 and 6. PasswordsCon has earned a reputation for being the launching pad for some eye-popping new tools for password cracking. Back in 2012, we reported on a 25 GPU device that radically lowered the bar to cracking even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete. Among other things, the Conference will feature […]

Hacker Summer Camp: Security Cons Blossom In The Desert

The mercury is expected to top 104 degrees Fahrenheit (40 C) in Las Vegas next week. And that could mean only one thing: it’s conference time for some of the world’s top computer hackers.   Indeed, next week brings the 22nd installment of the DEFCON hacker conference in Las Vegas, and the 18th of Black Hat, DEFCON’s younger, more straight-lace sibling. But, while Black Hat and DEFCON are still the main attraction on the Las Vegas strip, they’re hardly the only shows in town. B-Sides Las Vegas, an alternative mini-con, is in its fifth year and is attracting many of the “cool kids” in the security community to do presentations and demos on Tuesday and Wednesday, August 5 and 6th over at the Tuscan Suites and Casino. Running alongside B-Sides is Passwords 14, a conference that started in Norway and is in its second year on U.S. soil. As its name would […]

EFF wants to make Wi-Fi routers more secure | theguardian.com

Home routers and wi-fi access points are the canaries in the coal mine for security on the Internet of Things. Simply put: they’re ubiquitous, Internet-connected and innocuous. Unlike mobile phones, wi-fi routers aren’t in your pocket – buzzing and ringing and demanding your attention. In fact, it’s safe to be that the vast majority of Internet users are concerned wouldn’t know how to connect- and log in to their router if they had to. But appearances can deceive. Broadband routers are, indeed, mini computers that run a fully featured operating system and are perfectly capable of being attacked, compromised and manipulated. We have already seen examples of modern malware spreading between these devices. In March, the security firm Team Cymru published a report (PDF) describing what it claimed was a compromise of 300,000 small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. In January, […]

TRUST: Threat Reduction via Understanding Subjective Treatment

It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]