Software

Hacker Summer Camp: Security Cons Blossom In The Desert

The mercury is expected to top 104 degrees Fahrenheit (40 C) in Las Vegas next week. And that could mean only one thing: it’s conference time for some of the world’s top computer hackers.   Indeed, next week brings the 22nd installment of the DEFCON hacker conference in Las Vegas, and the 18th of Black Hat, DEFCON’s younger, more straight-lace sibling. But, while Black Hat and DEFCON are still the main attraction on the Las Vegas strip, they’re hardly the only shows in town. B-Sides Las Vegas, an alternative mini-con, is in its fifth year and is attracting many of the “cool kids” in the security community to do presentations and demos on Tuesday and Wednesday, August 5 and 6th over at the Tuscan Suites and Casino. Running alongside B-Sides is Passwords 14, a conference that started in Norway and is in its second year on U.S. soil. As its name would […]

Continue Reading

A Guide to Internet of Things Standards | Computerworld

From Colin Neagle over at Computerworld: a run-down of emergent IoT standards – a list that has suddenly become rather long. From his article: “The complexity of these standardization efforts has evoked comparisons to the VHS and Betamax competition in the 1980s. Re/Code’s Ina Fried wrote, “there’s no way all of these devices will actually be able to all talk to each other until all this gets settled with either a victory or a truce.” In the meantime, we’re likely to see some debate among the competing factions. “If this works out at all like past format wars, heavyweights will line up behind each different approach and issue lots of announcements about how much momentum theirs are getting,” Fried wrote. “One effort will undoubtedly gain the lead, eventually everyone will coalesce and then, someday down the road, perhaps all these Internet of Things devices will actually be able to talk to […]

Continue Reading

EFF wants to make Wi-Fi routers more secure | theguardian.com

Home routers and wi-fi access points are the canaries in the coal mine for security on the Internet of Things. Simply put: they’re ubiquitous, Internet-connected and innocuous. Unlike mobile phones, wi-fi routers aren’t in your pocket – buzzing and ringing and demanding your attention. In fact, it’s safe to be that the vast majority of Internet users are concerned wouldn’t know how to connect- and log in to their router if they had to. But appearances can deceive. Broadband routers are, indeed, mini computers that run a fully featured operating system and are perfectly capable of being attacked, compromised and manipulated. We have already seen examples of modern malware spreading between these devices. In March, the security firm Team Cymru published a report (PDF) describing what it claimed was a compromise of 300,000 small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. In January, […]

Continue Reading

TRUST: Threat Reduction via Understanding Subjective Treatment

It has become obvious (to me, anyway) that spam, phishing, and malicious software are not going away. Rather, their evolution (e.g. phishing-to-spear phishing) has made it easier to penetrate business networks and increase the precision of such attacks. Yet we still apply the same basic technology such as bayesian spam filters and blacklists to keep the human at the keyboard from unintentionally letting these miscreants onto our networks. Ten years ago, as spam and phishing were exploding, the information security industry offered multiple solutions to this hard problem. A decade later, the solutions remain: SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance). Still: we find ourselves still behind the threat, rather than ahead of it. Do we have the right perspective on this? I wonder. The question commonly today is: “How do we identify the lie?” But as machine learning and data science become the new norm, I’m […]

Continue Reading

Chinese Firm Claims To Hack Tesla Model S To Win Security Contest – chicagotribune.com

A mainland China security firm, Qihoo 360 Technology Co., claims it has found a way to hack into systems that control Tesla’s Model S sedan, controlling features like the door locks, car horn and sunroof even while the vehicle was being operated, according to a report by Bloomberg News. The hack was in response to a contest associated with the SysCan security conference in Beijing. As reported by The Security Ledger, that contest offered a $10,000 reward to anyone who could hack the Model S. Bloomberg reporter Ma Jie cited this post on the company’s Sina Weibo account as proof of the compromise. Tranlated (via Google), the post reads: “Our safety performance Tesla recently conducted a series of tests and found that the certificate can be used to unlock the remote control of the vehicle, whistle, flash and so on. And can open the sunroof while driving the vehicle. Tesla owners […]

Continue Reading
1 80 81 82 83 84 123