defcon

Adversarial Fashion: clothes designed to confuse license-plate readers

Adversarial Fashions have a line of clothes (jackets, tees, hoodies, dresses, skirts, etc) designed to confound automated license-plate readers; one line is tiled with fake license plates that spell out the Fourth Amendment (!); the designers presented at Defcon this year. (via JWZ) Read the rest

Security researcher cracks high-security lock used for ATMs, Air Force One, military bases

At this year's Defcon Lock Picking Village, IOActive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stakes applications, from securing ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases. Read the rest

Malware-packing Chinese lady who hacked her way into Trump's Florida Mar-a-Lago now faces federal charges

Yujing Zhang hacked her way into Donald Trump's private Florida club Mar-A-Lago with social engineering skills any self-respecting DEFCON or HOPE attendee would recognize. Read the rest

What ephemeral messaging is good for

A few years ago, a friend of mine, Nico Sell (who runs the Defcon kids' programming track r00tz) asked me to join the advisory board for her startup, Wickr, which does "ephemeral messaging," a subject that is greatly in the news with Facebook's recent announcement of a new kind of "ephemeral messaging" option. Read the rest

Ebay is full of used voting machines full of real electoral data and riddled with security defects

Back in 2012, Symantec researcher Bryan Varner bought some used US voting machines on Ebay and found them to be incredibly insecure and full of real, sensitive election data; in 2016, he did it again and things were even worse. Read the rest

MC Frontalot's new album: OG nerdcore looks in horror and asks "What hath we wrought?"

MC Frontalot (previously) is one of the OGs of nerdcore hiphop, bringing out huge crowds of fans for his music all over the world (I once caught him doing a show in North London at which a young man showed up in full Frontalot cosplay; I've also seen him perform for packed houses at Defcon). Read the rest

Defcon Voting Village report shows that hacking voting machines takes less time than voting

Every year, security researchers gather at Defcon's Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action to improve America's voting security. Read the rest

Join me and the Electronic Frontier Foundation today for a Reddit AMA about how copyright law can censor security research

Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Today, you'll get your chance. Read the rest

Truthful security disclosures should always be legal. Period.

After a week of blockbuster security revelations from Defcon it's important to take a step back and address the ongoing battle by companies to seize a veto over who can reveal defects in their products. Read the rest

Insecure medical equipment protocols let attackers spoof diagnostic information

Douglas McKee of McAfee presented his research into the security of medical diagnostic equipment at last week's Defcon conference in Las Vegas. Read the rest

Predatory journals aren't just a scam: they're also how quacks and corporate shills sciencewash their bullshit

Inside the Fake Science Factory (German/English subtitles) documents Svea Eckert and team's years of investigation into predatory journals and the criminals behind them. Read the rest

11-year-old hacks replica of Florida's state election website in less than ten minutes

Can we please have paper ballots nationwide?

Last week at DEFCON 26 in Las Vegas, eleven-year-old Emmett Brewer hacked into a replica of Florida's state election site and changed the voting results. That's scary enough. What's even scarier is that it took him less than ten minutes. An eleven-year-old girl was able to hack into the same site in about fifteen minutes. And more than THIRTY kids were able to hack into replicas of other states' sites in less than half an hour.

That is straight up alarming and you'd think the folks in charge of our state and federal elections would be concerned about this and want to take immediate action. That would be the normal reaction. But we're a long way from normal.

In a statement regarding the event, the National Association of Secretaries of State said it is “ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections.” But the organization expressed skepticism over the hackers’ abilities to access the actual state websites.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” it read. “While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.”

I'm sure we'll be fine, though. Read the rest

Hackers find exploitable vulnerabilities in Amazon Echo, turn one into a listening device

At Defcon, Tencent's Wu HuiYu and Qian Wenxiang presented Breaking Smart Speakers: We are Listening to You, detailing their work in successfully exploiting an Amazon Alexa speaker, albeit in a very difficult-to-achieve fashion. Read the rest

The eminently hackable police bodycam

Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible, though the Digital Ally models are the least bad of the batch, as Wired's Lily Hay Newman reports. Read the rest

Stylistic analysis can de-anonymize code, even compiled code

A presentation today at Defcon from Drexel computer science prof Rachel Greenstadt and GWU computer science prof Aylin Caliskan builds on the pair's earlier work in identifying the authors of software and shows that they can, with a high degree of accuracy, identify the anonymous author of software, whether in source-code or binary form. Read the rest

Hackers can force airbags to deploy

Common Vulnerabilities and Exposures number 2017-14937: in unspecified post-2014 passenger car models, the explosive charge that deploys the airbag is controlled by an instruction that is secured by one of only 256 keypairs, and there is no rate-limit on authentication attempts over the CAN bus. It gets better! "In addition, at least one manufacturer's interpretation of the ISO 26021 standard is that it must be possible to calculate the key directly (i.e., the other 255 key pairs must not be used)." Read the rest

How do you dump the firmware from a "secure" voting machine? With a $15 open source hardware board

One of the highlights of this year's Defcon conference in Vegas was the Voting Machine Hacking Village, where security researchers tore apart the "secure" voting machines America trusts its democracy to. Read the rest
