For this year's DEFCON conference, the Electronic Frontier Foundation released an encryption-puzzle t-shirt (with glow-in-the-dark clues!) designed by EFF Senior Designer Hugh D'Andrade and Staff Technologist Micah Lee. The puzzle was fiendishly clever and made for a beautiful tee, and now it has been cracked by some of DEFCON's intrepid attendees, the first ten of whom stand to win a beautiful, limited edition, signed print.
Read the rest
Alex Stamos's Defcon 21 presentation The White Hat’s Dilemma
is a compelling and fascinating look at the ethical issues associated with information security work in the era of mass surveillance, cyberwar, and high-tech extortion and crime.
Read the rest
Kwikset makes an incredibly popular line of reprogrammable locks that can be easily re-keyed, meaning that landlords don't have to physically change the locks when their tenants move out. Kwikset boasts that their locks are extremely secure, but Marc Weber Tobias and Toby Bluzmanis will present six Kwikset vulnerabilities at DEFCON; their demo includes an attack that opens the lock "in 15 seconds with a screwdriver and a paper clip." Tobias and Bluzmanis have spoken to Kwikset technicians about this, and in recorded conversations, the Kwikset employees insisted that the product was secure, something that can't be taken seriously if you've seen Bluzmanis and Tobias work on them.
Read the rest
Justin Engler and Paul Vines will demo a robot called the Robotic Reconfigurable Button Basher (R2B2) at Defcon; it can work its way through every numeric screen-lock Android password in 19 hours. They built for for less than $200, including the 3D printed parts. It doesn't work on screen-patterns (they're working on that) nor on Ios devices (which exponentially increase the lockout times between unsuccessful password attempts). They're also whomping up new versions that can simulate screen-taps with electrodes, which will run much faster. They're also working on versions that can work against hotel-room safes, ATMs, and other PIN-pad devices. It's a good argument for a longer PIN (six-digit PINs take 80 days to crack), and for using robust and random PINs (26% of users use one of 20 PINs).
Read the rest
Defcon is an astounding hacker convention held annually in Las Vegas, and is known as an extraordinary environment in which spooks and hackers mix freely -- last year, the head of the NSA gave a keynote in which he called for cooperation between security professionals and America's spies. That cooperation is being paused, and may be coming to an end. In Feds, we need some time apart, a posting on the Defcon site, The Dark Tangent (AKA Jeff Moss -- Defcon's owner and hacker-in-chief) says:
For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.
When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.
This will give everybody time to think about how we got here, and what comes next.
Read the rest
Here's Katy Levinson's semi-drunken robotics tutorial from DEFCON XX in Vegas this past summer. To get a sense of Levinson's presentation style, imagine if Bill Hicks was a young, female roboticist. Watch this presentation and you will learn that four-way linkages are pimp, bolts are zinc-plated turds, and all robots should wear sunglasses. Levinson's last gig was designing an autonomous robot for the aborted US lunar mission, and now she works to save Hacker Dojo, the embattled hackspace in Mountain View that incubated Pinterest.
By popular demand, Defcon's angry little roboticist is back with more stories of robot designs gone awry that make practical lessons on making better robots. Drinking will happen: vodka-absconding scoundrels are not invited.
This talk will cover material assuming the average audience member is a relatively intelligent coder with a high-school physics/math background and has seen linear algebra/calculus before. The intent is to navigate people new to robotics around many lessons my teams and I learned the "hard way," and to introduce enough vocabulary for a self-teaching student to bridge the gap between amateur and novice professional robotics. It will not cover why your Arduino doesn't work when you plugged your USB tx into your RS232 tx.
Katy Levinson Defcon 20 - Robots: You're Still Doing It Wrong
Brian Krebs interviews Joe Stewart, a security researcher
"who’s spent 18 months cataloging and tracking malicious software that was developed and deployed specifically for spying on governments, activists and industry executives." Speaking at Defcon in Las Vegas, Stewart says the "complexity and scope of these cyberspy networks now rivals many large conventional cybercrime operations. — Xeni
Many social games have measures to prevent cheating by mucking around with the date settings. But kids are too smart to be stopped that easily. PC Magazine's Sara Yin reports on a brilliant exploit discovered by CyFi, a 10 year-old Girl Scout who presented her findings at Defcon.
She began tinkering with the code after growing impatient with the game's slow place, and discovered that by disconnecting her phone from Wi-Fi and re-setting the clock forward in small increments, she could fast-forward many of the actions in the game, "a new class of vulnerabilities" she dubbed "TimeTraveler."
10-Year-Old Presents App Exploit at DefCon [PC Mag]