Tag Archives: ROC

[ISN] CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT

Forwarded from: Vic Vandal

CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via: great talks, great side events, kickass new attendee badges, cool giveaways, etc.

We’ve selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

– Mo Money Mo Problems: The Cashout – Benjamin Brown
– Breaking Android apps for fun and profit – Bill Sempf
– Gettin’ Vishy with it – Owen / Snide- @LinuxBlog
– Buffer Overflows for x86, x86_64 and ARM – John F. Davis (Math 400)
– Surprise! Everything can kill you. – fort
– Advanced Reconnaissance Framework – Solray
– Introducing PS>Attack, a portable PowerShell attack toolkit – Jared Haight
– Reverse Engineer iOS apps because reasons – twinlol
– FLOSS every day – automatically extracting obfuscated strings from malware – Moritz Raabe and William Ballenthin
– John the Ripper sits in the next cubicle: Cracking passwords in a Corporate environment – Steve Passino
– Dynamic Analysis with Windows Performance Toolkit – DeBuG (John deGruyter)
– Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools – grecs
– AR Hacking: How to turn One Gun Into Five Guns – Deviant Ollam
– Reporting for Hackers – Jon Molesa @th3mojo
– Never Go Full Spectrum – Cyber Randy
– I Am The Liquor – Jim Lahey

CarolinaCon-12 Contests/Challenges/Events:

– Capture The Flag
– Crypto Challenge
– Lockpicking Village
– Hardware Hack-Shop
– Hacker Trivia
– Unofficial CC Shootout

LODGING: If you’re traveling and wish to stay at the Con hotel, here is the direct link to the CarolinaCon discount group rate: www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20160303/index.jhtml

NOTE: The website defaults to March 3rd-6th instead of March 4th-6th, and the group rate is no longer available on March 3rd. So make sure that you change the reservation dates to get the group rate.

ATTENTION: The discount group rate on Hilton hotel rooms expires THIS weekend on JANUARY 31st 2016, so act quickly if you plan on staying at the hotel for all of the weekend fun and you want the group rate.

CarolinaCon formal proceedings/talks will run:

– 7pm to 11pm on Friday
– 10am to 9pm on Saturday
– 10am to 4pm on Sunday

For presentation abstracts, speaker bios, the final schedule, side event information, and all the other exciting details (as they develop and as our webmaster gets to them) stay tuned to: www.carolinacon.org

ADVERTISERS / VENDORS / SPONSORS: There are no advertisers, vendors, or sponsors allowed at CarolinaCon….ever. Please don’t waste your time or ours in asking.

CarolinaCon has been Rated “M” for Mature.

Peace,
Vic


[ISN] [THOTCON] Tickets and After Party Update

Forwarded from: THOTCON

*** BEGIN THOTCON TRANSMISSION

Greetings:

The Call for Papers (CFP) has closed and we are now in the process of reading through a record number of entries. We are working very hard to make this the best con we’ve ever put on for you.

ICYMI: A few weeks ago we announced that the Chicago rock chip-tune band I Fight Dragons will be performing live at the THOTCON 0x7 After Party. This party/concert, which is fully funded by our sponsors, is open to all attendees of the conference. It will take place Friday, May 6th 2016 at 8:30pm (about 3 hours after the closing remarks). Tons of food, candy (a shit ton of it), and full open bar will be provided.

Tickets have been selling out at a record pace. The only level that remains available is General Admittance (GA), and as of the writing of this update only 358 tickets remain. When those tickets are gone, we will be 100% sold out. No more tickets will be issued.

Note: We do not sell tickets at the door, so please don’t wait. Get your tickets ASAP!!!

The next announcement will be in early February when we announce the first batch of our speaker line up.


[ISN] DNC: Sanders campaign improperly accessed Clinton voter data

www.washingtonpost.com/politics/dnc-sanders-campaign-improperly-accessed-clinton-voter-data/2015/12/17/a2e2e14e-a522-11e5-b53d-972e2751f433_story.html

By Rosalind S. Helderman, Anne Gearan and John Wagner
The Washington Post
December 17, 2015

Officials with the Democratic National Committee have accused the presidential campaign of Sen. Bernie Sanders of improperly accessing confidential voter information gathered by the rival campaign of Hillary Clinton, according to several party officials.

Jeff Weaver, the Vermont senator’s campaign manager, acknowledged that a low-level staffer had viewed the information but blamed a software vendor hired by the DNC for a glitch that allowed access. Weaver said one Sanders staffer was fired over the incident.

The discovery sparked alarm at the DNC, which promptly shut off the Sanders campaign’s access to the strategically crucial list of likely Democratic voters. The DNC maintains the master list and rents it to national and state campaigns, which then add their own, proprietary information gathered by field workers and volunteers. Firewalls are supposed to prevent campaigns from viewing data gathered by their rivals.

NGP VAN, the vendor that handles the master file, said the incident occurred Wednesday while a patch was being applied to the software. The process briefly opened a window into proprietary information from other campaigns, said the company’s chief, Stu Trevelyan. He said a full audit will be conducted.

[…]


[ISN] Global Payments to Buy Heartland for $4.3 Billion

www.bankinfosecurity.com/global-payments-to-buy-heartland-for-43-billion-a-8753

By Tracy Kitten @FraudBlogger
Bank Info Security
December 16, 2015

Two leading payments processors that each suffered massive data breaches are consolidating. Atlanta-based Global Payments Inc. plans to buy its smaller rival, Princeton, N.J.-based Heartland Payment Systems Inc., for $4.3 billion. The deal is expected to close during the fiscal fourth quarter ending May 31, 2016.

Industry observers are weighing in on whether the merged companies will successfully build a strong culture of security.

“Heartland really took its breach to heart and was one of the best examples of how to learn from such an event and turn it into a leadership opportunity,” says Al Pascual, director of fraud and security at Javelin Strategy & Research. “I give the CEO [Bob Carr] a lot of credit for that. Global Payments was quite the opposite, with one of the least transparent breach events in the payments industry. I’m hoping the security culture of Heartland becomes the dominant one.”

But Tom Wills, managing director of payments security consultancy Secure Strategies, says it could be difficult for the new company created through the merger to improve security.

[…]


[ISN] Hello Barbie controversy re-ignited with insecurity claims

www.theregister.co.uk/2015/11/29/hello_barbie_controversy_reignited_with_insecurity_claims/

By Richard Chirgwin
The Register
29 Nov 2015

Back in February, The Register queried the security and privacy implications of Mattel’s “Hello Barbie”, and now the doll has hit the shelves, a prominent security researcher has turned up the first security problems with the toy.

After an initial flurry of concern, the issue went quiet, but last Friday Matt Jakubowski (formerly of Trustwave’s SpiderLabs) reignited it by extracting Wi-Fi network names, account IDs, and MP3 files from the toy.

That brought a defensive response from Oren Jacob, CEO of ToyTalk (which provides the cloud processing chunk of Hello Barbie). He called Jakubowski an “enthusiastic researcher”, said the data is “already available” to customers, and “no major security or privacy protections have been compromised”.

While it’s probably easier to get an SSID by standing outside a house and letting it pop up on your phone’s Wi-Fi connection list, an account ID is another matter, since all an attacker needs is to get a password and they have access to the Hello Barbie account.

[…]


[ISN] US Still Doesn’t Know Who’s In Charge of What If Massive Cyber Attack Strikes Nation

www.defenseone.com/threats/2015/11/us-still-doesnt-know-whos-charge-if-massive-cyber-attack-strikes-nation/123377/

BY PATRICK TUCKER
Defense One
NOVEMBER 3, 2015

The threat of a massive cyber attack on civilian infrastructure, leading to loss of life and perhaps billions in damages, has kept lawmakers on edge since before former Defense Secretary Leon Panetta warned of it back in 2012 (or the fourth Die Hard movie in 2007). Many experts believe that a sneak attack would be highly unlikely. The Department of Homeland Security has the lead in responding to most cyber attacks. But if one were to occur today, DHS and the Defense Department wouldn’t know all the details of who is in charge of what.

The Department of Defense Cyber Strategy, published in April, carves out a clear role for the military and Cyber Command in responding to any sort of cyber attack of “significant consequence,” supporting DHS. Specifically, the strategy tasks the 13 different National Mission Force teams, cyber teams set up to defend the United States and its interests from attacks of significant consequence, with carrying out exercises with other agencies and setting up emergency procedures. It’s the third strategic goal in the strategy.

It’s also “probably the one that’s the least developed at this – at this point,” Lt. Gen. James K. McLaughlin, the deputy commander of U.S. Cyber Command, said at a Center for Strategic and International Studies event last month. He went on to describe the role that the military would play in such an event as “building the quick reaction forces and the capacity to defend the broader United States against an attack.”

It’s something that the Defense Department, the Department of Homeland Security and the FBI and other agency partners all train for together in events like the Cyber Guard exercises, the most recent of which took place in July. The Defense Department, DHS and others worked through a series of scenarios related to a major attack on infrastructure.

[…]


[ISN] ProtonMail taken down by ‘extremely powerful DDoS attack’

www.computing.co.uk/ctg/news/2433469/protonmail-taken-down-by-extremely-powerful-ddos-attack

By John Leonard
computing.co.uk
05 Nov 2015

ProtonMail, the Geneva-based encrypted email service that was developed by CERN scientists, was taken offline on Tuesday November 3rd by what the company describes as an “extremely powerful DDoS attack”. At time of writing the service was still offline.

Writing in a blog, CEO Andy Yen says: “The attackers began by flooding our IP addresses. That quickly expanded to the datacenter in Switzerland where we have our servers. In the process of attacking us, several other tech companies and even some banks were knocked offline temporarily.”

Yen continues: “Despite our best efforts, we have been unable to stop the attack but we are working non-stop to get back online.”

[…]


[ISN] A New Material Promises NSA-Proof Wallpaper

www.defenseone.com/technology/2015/10/new-material-promises-nsa-proof-wallpaper/123066/

By PATRICK TUCKER
defenseone.com
OCTOBER 23, 2015

Your next tinfoil hat won’t be made of tinfoil. A small company called Conductive Composites out of Utah has developed a flexible material — thin and tough enough for wallpaper or woven fabric — that can keep electronic emissions in and electromagnetic pulses out.

There are a few ways to snoop on electronic communications. You can hack into a network or you can sniff out radio emissions. If you want to defend against the latter, you can enclose your electronic device or devices within a structure of electrically conductive, (probably metallic) material. The result is something like a force field. The conductive material distributes the electromagnetic energy away from the target in every direction — think of the *splat* you get when you hurl a tomato at a wall. These enclosures are sometimes called Faraday cages after the 18th-century British scientist who discovered electrolysis.

Today, Faraday cages are all over the place. In 2013, as the College of Cardinals convened to elect a new Pope, the Vatican’s Sistine Chapel was converted into a Faraday cage so that news of the election couldn’t leak out, no matter how hard the paparazzi tried, and how eager the cardinals were to tweet the proceedings. The military also uses Faraday cages for secure communications: Sensitive Compartmented Information Facilities or SCIFs are Faraday cages. You’ll need to be in one to access the Joint Worldwide Intelligence Communication System, or JWICS, the Defense Department’s top-secret internet.

Conductive Composites has created a method to layer nickel on carbon to form a material that’s light and moldable like plastic yet can disperse energy like a traditional metal cage.

[…]
