DEF CON in the news

  • TheCotMan
    *****Retired *****
    • May 2004
    • 8857

    #121
    Re: DEF CON in the news

    Originally posted by HighWiz
    Thanks HighWiz!


    URL=Multifunction printers may threaten network security by TJD, GMA News, on 09/06/2011 at 07:11 PM

    Originally posted by URL
    ...
    Security researcher Deral Heiland demonstrated various ways to compromise Internet-ready consumer-grade multifunction printers, according to an article posted on PC World.

    In a talk at this summer’s DefCon 19 conference, he said vulnerable devices included printers that can scan to a file, scan to email, and fax documents.
    ...
    At DefCon 19, Heiland demonstrated changing the default Toshiba printer password from 123456 to something unique will not deter a criminal, who can simply add an extra backslash to the URL to gain administrator access to the device.
    ...
    Last edited by TheCotMan; September 6, 2011, 20:21.


    • Bbox
      Old, Confused & Outdated
      • May 2010
      • 187

      #122
      Re: DEF CON in the news

      Originally posted by TheCotMan
      Defcon Switzerland
      I thought I would also just mention that they had really nice post cards they were distributing around Def Con 19 and were doing their best to promote their local Def Con chapter. It is amazing to see the range Defcon has all over the world.


      • TheCotMan
        *****Retired *****
        • May 2004
        • 8857

        #123
        Re: DEF CON in the news

        Defcon mentioned in story about a conference called "GrrrCon":

        URL1=SSL authenticity evolution by David Schwartzberg on September 27, 2011


        Originally posted by URL1
        Moxie Marlinspike kicked off the event with his keynote presentation titled "SSL And The Future Of Authenticity."

        He gave the same presentation at DEFCON, which my colleague Chester Wisniewski detailed in a fascinating article last month.
        ...
        Visit their article to read more, but it is mostly about the same presentation at Defcon.


        • TheCotMan
          *****Retired *****
          • May 2004
          • 8857

          #124
          Re: DEF CON in the news

          Metasploit Gets Covert Forensics And PXE Boot Attack Capabilities By John H. Sawyer, Sep 09, 2011 | 04:52 PM, Dark Reading
          (New Metasploit modules released during the Vegas security conferences add cool, new features, like covert forensics and PXE boot pwnage)

          Originally posted by URL1
          Black Hat USA and DefCon bring a wealth of knowledge, new tools, and updates to old favorites. One thing that is often disappointing is that tools are released and nothing ever happens to further development. I attended several Metasploit-related talks, but I think it was during HD Moore's talk at BSides Las Vegas where I heard it said that if it makes it into Metasploit, it has to be maintained. That's great news because there have been some awesome, independently developed Metasploit modules released in Vegas that have since been included within the Metasploit Framework.

          ...


          • TheCotMan
            *****Retired *****
            • May 2004
            • 8857

            #125
            Re: DEF CON in the news

            URL1=The future of malware by Jeff Vance (Network World), 03 October, 2011 21:32.

            Originally posted by URL1
            During the Black Hat and Defcon conferences in early August, researchers demonstrated a number of disturbing attack scenarios. One particularly scary hack showcased the possibility of hijacking a car. Hackers could disable the alarm, unlock its doors and remotely start it through text messages sent over cell phone links to wireless devices in the vehicle.


            • TheCotMan
              *****Retired *****
              • May 2004
              • 8857

              #126
              Re: DEF CON in the news

              URL1=Techski: A simple experiment easily bypasses UCLA login protection levels By DAMIEN SUTEVSKI
              Published October 10, 2011, 1:35 am

              Originally posted by URL1
              With only his last name, university ID number and birth date, I reset and changed a friend’s password to gain access to his UCLA law school email account Thursday.
              ...
              While researching this column, I attended DEF CON, an annual hacker convention, in Las Vegas this summer. The convention scared me into caring about online security.

              So I decided to check it out. I asked my friend Ben Shea, a first-year law student, for consent to “hack” his email account.
              ...
              More details on what happened when the issue was found, motives for abusing stolen accounts, what has been done since then, and what is planned in the future.


              • TheCotMan
                *****Retired *****
                • May 2004
                • 8857

                #127
                Re: DEF CON in the news

                Access to forums was fixed about one hour ago by Jeff when he worked on the firewall.

                Access to most https-content at *.defcon.org was leading to timeout and eventually temporary blacklisting, denying access to http-only content.
                Visiting the main page at http://www.defcon.org/ would work fine from browsers not using javascript, but those that used javascript would see a request in a served document to grab content from https://forum.defcon.org/ which could blacklist you for a while if followed. This loss of access to the forums and other https-only content lasted about 24 hours.

                If you see problems like this, please let us know.

                URL=Former HBGary Federal CEO Barr Regroups After Anonymous: By Jeremy Kirk, IDG News (Oct 13, 2011)

                Originally posted by URL
                [Aaron Barr] was scheduled to appear on a panel at the Defcon security conference in Las Vegas in August, but was prohibited from doing so at the request of his former employer. The reason, Barr said, is that his employer was afraid it might "stir the hornet's nest and they might attack again."

                "I just kind of wanted to rip off the scab, deal with the issue and show people, 'listen this conversation can happen' between me and a group that attacked me," Barr said. "I may not want to drink a beer with them, but we can get through this."
                This story is mostly not about Defcon.


                • TheCotMan
                  *****Retired *****
                  • May 2004
                  • 8857

                  #128
                  Re: DEF CON in the news

                  URL1=Scaling the Firewall

                  Originally posted by URL1
                  Scaling the Firewall

                  Vermont's Pwnie Express sells a powerful new tool for cyber-security experts — and hackers
                  By Ken Picard [10.26.11]
                  ...
                  Hacker Jeff Moss, aka “The Dark Tangent,” founded two of the world’s largest hacker conventions, Black Hat Technical Security Conference and DEF CON Hacking Conference. In recent years, these annual events have morphed into recruitment grounds for cyber-security experts working at the FBI, CIA, NSA and Pentagon.
                  ...
                  More about Defcon in link to story.


                  • TheCotMan
                    *****Retired *****
                    • May 2004
                    • 8857

                    #129
                    Re: DEF CON in the news

                    URL1=College Notes for Nov. 7, 2011 Posted: Monday, November 7, 2011 12:00 am

                    (One of many stories, poorly formatted in the on-line news article. I've added "Bold" to highlight what is probably this article's title)
                    Originally posted by URL1
                    Students honored for hacking computers

                    Not only did four computer science students walk away with the top prize from their first computer hacking competition, but they also were awarded for outsmarting the judges.

                    Undergraduate students Austin Whipple and Tobias Kin Hou Lei and graduate students Kimball Germane and Scott Ruoti teamed up to test their hacking skills.

                    CTF, or capture the flag, competitions are hosted voluntarily throughout the year by schools, companies or other large groups. This competition was hosted by organizations interested in promoting STEM (science, technology, engineering and math) and all high school to graduate level students were eligible.

                    With a blue ribbon to BYU's name, the students were awarded paid entries to the DEF CON competition in Las Vegas, and a trip to Orlando to be recognized at The Security Congress (IC2) conference. IC2 is a worldwide information security group that certifies information security professionals.

                    Related:
                    * http://www.heraldextra.com/news/loca...3c58ff85e.html
                    * http://news.byu.edu/archive11-nov-hacking.aspx
                    * http://www.ldschurchnews.com/article...ity-award.html

                    Just to be clear, this was not the Defcon CTF, or Defcon OCTF. This was a different CTF: http://www.mitrestemctf.org/home/ctf
                    Last edited by TheCotMan; November 7, 2011, 14:00.


                    • TheCotMan
                      *****Retired *****
                      • May 2004
                      • 8857

                      #130
                      Re: DEF CON in the news

                      URL1=Darpa’s New ‘Fast Track’ Okays Hacker Projects in Just Seven Days: By Dawn Lim, November 14, 2011 @ 3:00 pm

                      Originally posted by URL1
                      It’s an open secret: For years, hackers and feds have been strange bedfellows in the mission to defend military networks. Three-letter agencies set up recruiting booths with schwag at security conferences like Black Hat, and feds party it up with the computer nerds at the so-called “underground hacking conference” DefCon after enlisting intelligence help.

                      Darpa, with the help of former hacker Peiter “Mudge” Zatko, wants to find a way for the government to make that alliance even easier....


                      • TheCotMan
                        *****Retired *****
                        • May 2004
                        • 8857

                        #131
                        Re: DEF CON in the news

                        URL1=Occupy the Airwaves: Will Anonymous hijack TV and radio stations? Darlene Storm, November 15, 2011 - 11:42 A.M.

                        Originally posted by URL1
                        The Occupy movement may move to occupying the airwaves by hackers hijacking radio and TV stations to broadcast their message across the country. The potential plan to Occupy the Airwaves was reported by ABC7News after interviewing a hacker and computer expert called "Jake" aka "Secret Squirrel." Jake's plan would be to hack into the FEMA Emergency Alert System (EAS) with a pro-Occupy movement message from Anonymous.

                        ...

                        There has been a video on the subject since Matt "DCFLuX" Krick presented it at DefCon 16 in 2006, so it's hardly new but certainly attention-grabbing. Jake was "inspired" by V for Vendetta as was the creative hack by the V for Vendetta hacker who hijacked the projector system to broadcast his message at Washington State University, urging students to "Remember, Remember, the Fifth of November." In fact, it reminds me a bit of Live Free or Die Hard or at least some of the projects that have come out of it.

                        Jake was previously "convicted of causing damage...

                        ...


                        • TheCotMan
                          *****Retired *****
                          • May 2004
                          • 8857

                          #132
                          Re: DEF CON in the news

                          Jeff and Defcon mentioned in this article:




                          URL1=Charlie Miller's Punishment By Apple Tests A Complex Relationship, 11/16/11 11:47 AM, By Gerry Smith:

                          Originally posted by URL1
                          ...
                          ... After Miller publicly disclosed a flaw in Apple's App Store, Apple punished him by revoking his app developer's license.

                          ...

                          "Anything that stifles their willingness to come forward is going to hurt the public good," said Jeff Moss, founder of the Black Hat and DefCon hacker conferences in Las Vegas. "It's one less place to get insight on the quality of the product."

                          ...

                          "If researchers don’t go public, things don’t get fixed," said Bruce Schneier, a security expert who has written several books on the subject. "Companies don't see it as a security problem; they see it as a PR problem. And if there's no PR problem, it'll never be a priority.”

                          ...

                          But publicly disclosing security flaws can be risky, triggering hostile responses both from embarrassed companies and law enforcement. In 2001, the FBI arrested security researcher Dmitry Sklyarov at his hotel in Las Vegas, the day after he disclosed a bug in Adobe's PDF format at the DefCon hacker conference. He was charged with violating the Digital Millennium Copyright Act.

                          ...
                          There is more in the story, and other people are quoted. The two spaces where Defcon appears in the article are quoted above.


                          • TheCotMan
                            *****Retired *****
                            • May 2004
                            • 8857

                            #133
                            Re: DEF CON in the news

                            URL1=http://www.nextgov.com/nextgov/ng_20120130_9449.php



                            Originally posted by url1
                            Feds need to start thinking like hackers
                            By Aliya Sternstein 01/30/2012

                            ...
                            There's no product that can prevent hackers from plastering passwords and usernames on the Web, security experts warn. "You can't just throw technology at the problem. You can't just say we need more people . . . you have to think like a hacker," says Rasch...
                            ...
                            Partly for recruitment, federal officials last summer visited kids at the annual hacker conference DEF CON in Las Vegas to encourage them to use their password cracking powers for the greater good.
                            ...


                            • TheCotMan
                              *****Retired *****
                              • May 2004
                              • 8857

                              #134
                              Re: DEF CON in the news

                              URL1=http://dvice.com/archives/2012/02/darpa-wants-to-3.php

                              Originally posted by URL1
                              DARPA's F-BOMB is a disposable spy machine drones could drop, Eileen Marable
                              @ 11:49AM on Feb 1, 2012

                              DARPA has recently awarded a grant to a young security researcher to continue development of a viable spy computer so cheap it can be trashed after one use. Called the F-BOMB — the Falling- or Ballistically-launched Object that Makes Backdoors — is built from commercially available parts and can be assembled for about $50.
                              ...
                              O'Connor is no stranger to DARPA projects, having worked for one of their contractors, and as a graduate student at Johns Hopkins' sensor research lab. He notes his inspiration for the F-BOMB came from last summer's hacker conference, Defcon, where he attended talks on firing camera projectiles and aerial surveillance platforms.
                              ...


                              • TheCotMan
                                *****Retired *****
                                • May 2004
                                • 8857

                                #135
                                Re: DEF CON in the news

                                "Revenge: LulzSec Supporters Claim To Dump Symantec AV Source Code, Hack Vatican"
                                "(Wave of high-profile retribution attacks in the wake of arrests of LulzSec hackers and its leader's secret work for the FBI -- and new developments with three of the suspects)"
                                Mar 08, 2012 | 05:04 PM | By Kelly Jackson Higgins , Dark Reading

                                URL1=http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/232602284/revenge-lulzsec-supporters-claim-to-dump-symantec-av-source-code-hack-vatican.html

                                Originally posted by URL1
                                ... Hammond, who is charged with allegedly hacking Stratfor, ... was a featured speaker at DefCon12 in 2004, ... controversial talk on electronic civil disobedience ... that included invoking physical violence. He went by "CrimetheInc" ...

                                His talk elicited protests from the audience when he called for people to disrupt the Republican National Convention at Madison Square Garden, including shutting off power to Madison Square Garden and shutting down charter buses for the convention. A DefCon official stepped up to the podium after Hammond said, "Let them call us terrorists: I'll still bomb their buildings."

                                The DefCon official noted that the conference neither condoned nor associated with violent and illegal acts, and that in the eyes of law enforcement, these actions would be considered terrorism.
                                Last edited by TheCotMan; March 8, 2012, 17:39.
