DEF CON 22, Las Vegas, NV 2014 – On the last day of DEF CON 22, in oddly empty halls and with very subdued (hung over) conversations going on, I walked into what was probably the most entertaining security talks I have ever seen. To start with the premise of the talk was absurdly enticing. How and, of course, why would anyone want to put a sniffer on a cat or turn a dog into a denial of service station? Even though I had briefly covered the concept I still needed to hear how it all happened and then the real why behind it.
DEF CON 22, Las Vegas, NV 2014 – If you have ever stayed in a top end hotel you might find an iPad or similar tablet that allows you to control various functions of the room. This is becoming a more and more common practice in hotels where the guest experience is being moved from the phone or standard TV to movable and WiFi enabled devices. The problem is that there are potential flaws in the system that could allow someone to compromise the system and take control of multiple systems in the room.
DEF CON 22, Las Vegas, NV 2014 - Over the past year or so there have been several discoveries in the aviation industry that have had security researchers and regular people very concerned. We have covered a couple of these that have hit including a claim that a plane can be attacked through its inflight WiFi system and also a very recent one that claims to have found hard coded root credentials in the firmware of some satellite communication equipment. The aviation industry has been quick to refute these claims (and with good reason), but the question still persists: are air craft vulnerable to remote hacking?
DEF CON 22, Las Vegas, NV 2014 - The idea that individual devices can monitor and control many aspects of our lives is an exciting one. Right now you can pick up inexpensive products that can allow you to keep an eye on everything from your house to the temperature of your eggs. Of course this mass growth of interconnected devices is also a big concern for people looking out for security.
DEF CON 22, Las Vegas, NV 2014 - Yesterday at DEF CON we had the chance to listen to Christopher Soghoian, Principal Technologist, American Civil Liberties Union talk about the state of the surveillance state and how we can help fight against it. Of course you might think that his talk would be about the use of spy proof technologies, but oddly enough very little of that was talked about except to make it clear that talk of spy-proof technology makes people in Washington nervous.
DEF CON 22, Las Vegas, NV - The thought of getting a root kit or back door on a critical system is always a bad one. These pieces of malicious code allow an attacker to continue to exploit your network and move laterally increasing their foot hold. The good news is that in most cases you can find and remove these holes either by paving the system (formatting and reinstalling) or by cleaning (not always the best choice).
DEF CON 22, Las Vegas, NV Aug 2014 – One of the most concerning things about the future of the internet and technology in general is the fact that the “bad guys” have the advantage. We have known about this for a very long time, but because of the state of the security industry many have allowed themselves to be blinded to just how bad it is and also how our current methods of patching and fixing are not working.
Black Hat 2014, Las Vegas, NV - If you have ever had to build a network or add in a new service then you know the joys that can bring to your life. Not only do you have to plan for power, space, cooling for the systems that actually run the service you want, but you also have to plan for all of the myriad of devices that keep this service safe from the bad guys. You have Web Application Firewalls (WAF), SSL offloading, load balancers, traditional firewalls and sometimes much more. Even with all of that you may (probably will) find yourself with a breach or hack that makes all of that work and hardware seem useless. Traditionally there is no easy way to protect a web service or site with a single solution.
Black Hat 2014 Las Vegas, NV - The thought of a network breach or targeted attack is what keeps most systems admins up at night and constantly irritated to boot. The need to man the walls and make sure the moat is filled all the time is exhausting and nearly impossible in today’s moderns and increasingly distributed networks and business models. It makes the thought of a breach not a “what if”, but a “when”. This is becoming the new way of thinking about security. As we have talked about in the past people are no longer thinking they can keep everyone out, but are concentrating on quickly identifying and mitigating the inevitable breach.
Black Hat 2014 Las Vegas, NV – Today we had the chance to talk with Karl Sigler, Threat Intelligence Manager at Trustwave who walked us through the latest version of Backoff. For those of you that do not know Backoff is a new threat that targets POS systems through remote desktop or other remote access systems. The vector of attack is very simple, port scan for common RDP ports, perform a basic dictionary attack on any systems found, deposit the malware and cash in on the credit card information that flows through.