Tag Archives: process

[ISN] [THOTCON] Tickets and After Party Update

Forwarded from: THOTCON *** BEGIN THOTCON TRANSMISSION Greetings: The Call for Papers (CFP) has closed and we are now in the process of reading through a record number of entries. We are working very hard to make this the best con we’ve ever put on for you.  ICYMI: A few weeks ago we announced that the Chicago rock chip-tune band I Fight Dragons will be performing live at the THOTCON 0x7 After Party. This party/concert which is fully funded by our sponsors is open to all attendees of the conference. It will take place Friday, May 6th 2016 at 8:30pm (about 3 hours after the closing remarks). Tons of food, candy (a shit ton of it), and full open bar will be provided.  Tickets have been selling out at a record pace. The only level that remains available is General Admittance (GA) and as of the writing of this update only 358 tickets remain. When those tickets are gone, we will be 100% sold out. No more tickets will be issued.  Note: We do not sell tickets at the door, so please don’t wait. Get your tickets ASAP!!! The next announcement will be in early February when we announce the first batch of our speaker line up. 




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] DNC: Sanders campaign improperly accessed Clinton voter data

www.washingtonpost.com/politics/dnc-sanders-campaign-improperly-accessed-clinton-voter-data/2015/12/17/a2e2e14e-a522-11e5-b53d-972e2751f433_story.html By Rosalind S. Helderman, Anne Gearan and John Wagner The Washington Post December 17, 2015 Officials with the Democratic National Committee have accused the presidential campaign of Sen. Bernie Sanders of improperly accessing confidential voter information gathered by the rival campaign of Hillary Clinton, according to several party officials. Jeff Weaver, the Vermont senator’s campaign manager, acknowledged that a low-level staffer had viewed the information but blamed a software vendor hired by the DNC for a glitch that allowed access. Weaver said one Sanders staffer was fired over the incident. The discovery sparked alarm at the DNC, which promptly shut off the Sanders campaign’s access to the strategically crucial list of likely Democratic voters. The DNC maintains the master list and rents it to national and state campaigns, which then add their own, proprietary information gathered by field workers and volunteers. Firewalls are supposed to prevent campaigns from viewing data gathered by their rivals. NGP VAN, the vendor that handles the master file, said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other campaigns, said the company’s chief, Stu Trevelyan. He said a full audit will be conducted. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Global Payments to Buy Heartland for $4.3 Billion

www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753 By Tracy Kitten @FraudBlogger Bank Info Security December 16, 2015 Two leading payments processors that each suffered massive data breaches are consolidating. Atlanta-based Global Payments Inc. plans to buy its smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for $4.3 billion. The deal that is expected to close during the fiscal fourth quarter ending May 31, 2016. Industry observers are weighing in on whether the merged companies will successfully build a strong culture of security. “Heartland really took its breach to heart and was one of the best examples of how to learn from such an event and turn it into a leadership opportunity,” says Al Pascual, director of fraud and security at Javelin Strategy & Research. “I give the CEO [Bob Carr] a lot of credit for that. Global Payments was quite the opposite, with one of the least transparent breach events in the payments industry. I’m hoping the security culture of Heartland becomes the dominant one.” But Tom Wills, managing director of payments security consultancy Secure Strategies, says it could be difficult for the new company created through the merger to improve security. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hello Barbie controversy re-ignited with insecurity claims

www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/ By Richard Chirgwin The Register 29 Nov 2015 Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy. After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy. That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”. While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ProtonMail taken down by ‘extremely powerful DDoS attack’

www.computing.co.uk/ctg/news/2433469/protonmail-taken-down-by-extremely-powerful-ddos-attack By John Leonard computing.co.uk 05 Nov 2015 ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken off line on Tuesday November 3rd by what the company describes as an “extrememly powerful DDoS attack”. At time of writing the service was still offline. Writing in a blog, CEO Andy Yen says: “The attackers began by flooding our IP addresses. That quickly expanded to the datacenter in Switzerland where we have our servers. In the process of attacking us, several other tech companies and even some banks were knocked offline temporarily.” Yen continues: “Despite our best efforts, we have been unable to stop the attack but we are working non-stop to get back online.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] HACKFEST 2015 – REGISTRATION & TRAININGS

HACKFEST 2015 – REGISTRATION & TRAININGS Hackfest 2015, November 6-7th Quebec City, Canada www.hackfest.ca REGISTRATION Online registration close on November 1st. – Current price is 80$CAD+tx  – Register in group to have a discount – Register now: www.hackfest.ca/en/register TRAININGS We have interesting trainings offered at Hackfest in Quebec city, Canada this year.   The price also includes admission to talks. NOVEMBER 5th Hunting Linux malware for fun and $flags Server-side Linux malware is a real threat now. Unfortunately, as for its Windows counterpart, most system administrators are inadequately trained or don’t have enough time allocated by their management to analyze and understand the threats that their infrastructures are facing. This tutorial aims at creating an environment where Linux professionals have the opportunity to study such threats safely and in a time-effective fashion. In this introductory tutorial you will learn to fight real-world Linux malware that targets server environments. Attendees will have to find malicious processes and concealed backdoors in a compromised Web server. In order to make the tutorial accessible for a range of skill levels several examples of malware will be used with increasing layers of complexity — from scripts to ELF binaries with varying degrees of obfuscation. Additionally, as is common in Capture-The-Flag information security competitions, flags will be hidden throughout the environment for attendees to find. Skills to acquire: * Live system incident response and forensics using Linux’s standard tools * System hardening * Introduction to reverse-engineering obfuscated scripts and binaries Price: * 150$ Regular (ID required) * 75$ Student (ID & Student proof required) Presented by: Olivier Bilodeau and Marc-Etienne M.Léveillé both are malware researchers at ESET Montreal Register now :http://www.hackfest.ca/en/training/hunting_linux_malware_for_fun_and_flags- 2015


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Highly personal data for 15 million T-Mobile applicants stolen by hackers

http://arstechnica.com/security/2015/10/highly-personal-data-for-15-million-t-mobile-applicants-stolen-by-hackers/ By Dan Goodin Ars Technica Oct 1, 2015 Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile. The breach was the result of an attack on a database maintained by credit-reporting service Experian, which was contracted to process credit applications for T-Mobile customers, T-Mobile CEO John Legere said in a statement posted online. The investigation into the hack has yet to be completed, but so far the compromise is known to affect people who applied for T-Mobile service from September 1, 2013 through September 16 of this year. It’s at least the third data breach to affect Experian disclosed since March 2013. “Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian, but right now my top concern and first focus is assisting any and all consumers affected,” Legere wrote. “I take our customer and prospective customer privacy VERY seriously. This is no small issue for us. I do want to assure our customers that neither T-Mobile’s systems nor network were part of this intrusion and this did not involve any payment card numbers or bank account information.” According to a FAQ posted by Experian, the breach involved an Experian server storing data for people who applied for T-Mobile USA postpaid services. Company officials discovered the unauthorized access on September 15. The records contained names, addresses, social security numbers, birth dates, and passport numbers, military IDs, or driver license numbers. Experian said the social security and ID numbers were encrypted but that company investigators have determined the encryption may have been compromised. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Salted Hash: Live from DerbyCon 5.0 (Day 1)

http://www.csoonline.com/article/2986763/security-awareness/salted-hash-live-from-derbycon-5-0-day-1.html By Steve Ragan Salted Hash CSO Online Sept 25, 2015 DerbyCon 5.0 has officially started, and it didn’t take long before the halls were flooded with hackers looking to catch-up with their peers as they headed to the first talk of the day. On Thursday, I had the chance to catch-up with a number of people who resonated with the thought process of yesterday’s post. The point being, insider threats aren’t what you think they are, and the core issue isn’t a malicious user – it’s a clueless user. In addition, when dealing with insider-based issues, policies that prohibit or hinder workflow will create more problems than they solve. Today, the topic is threat intelligence. I learned something interesting recently, if you gather a group of hackers and researchers around a table and ask them to define threat intelligence, the conversation will quickly spins into a rage fueled discussion about sales-driven security (meaning InfoSec products that are pitched and sold with no real security value). […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail