Tag Archives: selected

[ISN] CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT

Forwarded from: Vic Vandal

CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via; great talks, great side events, kickass new attendee badges, cool giveaways, etc.

We’ve selected as many presentations as we can fit into the lineup. Here they are, in no particular order:

– Mo Money Mo Problems: The Cashout – Benjamin Brown
– Breaking Android apps for fun and profit – Bill Sempf
– Gettin’ Vishy with it – Owen / Snide- @LinuxBlog
– Buffer Overflows for x86, x86_64 and ARM – John F. Davis (Math 400)
– Surprise! Everything can kill you. – fort
– Advanced Reconnaissance Framework – Solray
– Introducing PS>Attack, a portable PowerShell attack toolkit – Jared Haight
– Reverse Engineer iOS apps because reasons – twinlol
– FLOSS every day – automatically extracting obfuscated strings from malware – Moritz Raabe and William Ballenthin
– John the Ripper sits in the next cubicle: Cracking passwords in a Corporate environment – Steve Passino
– Dynamic Analysis with Windows Performance Toolkit – DeBuG (John deGruyter)
– Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools – grecs
– AR Hacking: How to turn One Gun Into Five Guns – Deviant Ollam
– Reporting for Hackers – Jon Molesa @th3mojo
– Never Go Full Spectrum – Cyber Randy
– I Am The Liquor – Jim Lahey

CarolinaCon-12 Contests/Challenges/Events:

– Capture The Flag
– Crypto Challenge
– Lockpicking Village
– Hardware Hack-Shop
– Hacker Trivia
– Unofficial CC Shootout

LODGING: If you’re traveling and wish to stay at the Con hotel here is the direct link to the CarolinaCon discount group rate: www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20160303/index.jhtml

NOTE: The website defaults to March 3rd-6th instead of March 4th-6th and the group rate is no longer available on March 3rd. So make sure that you change the reservation dates to get the group rate.

ATTENTION: The discount group rate on Hilton hotel rooms expires THIS weekend on JANUARY 31st 2016, so act quickly if you plan on staying at the hotel for all of the weekend fun and you want the group rate.

CarolinaCon formal proceedings/talks will run;

– 7pm to 11pm on Friday
– 10am to 9pm on Saturday
– 10am to 4pm on Sunday

For presentation abstracts, speaker bios, the final schedule, side event information, and all the other exciting details (as they develop and as our webmaster gets to them) stay tuned to: www.carolinacon.org

ADVERTISERS / VENDORS / SPONSORS: There are no advertisers, vendors, or sponsors allowed at CarolinaCon….ever. Please don’t waste your time or ours in asking.

CarolinaCon has been Rated “M” for Mature.

Peace, Vic





[ISN] Korean Log-in Security Questions ‘Too Easy’

http://english.chosun.com/site/data/html_dir/2015/05/22/2015052201606.html Chosun.com May 22, 2015 Internet users in Korea are notoriously more exposed to security risks than their counterparts in other countries, partly because their password hints are too easy to guess, Google analysis released Thursday shows. The search giant analyzed security questions selected by the users around the world to help them when they forget the password. According to the analysis, a majority of Korean users selected too-easy-to-guess questions like “the city where you were born” and “what’s your favorite food.” If a hacker tries 10 times to crack the password, their chances of guessing the right answer are 39 percent and 43 percent. If “Seoul” is the answer to the birthplace question, the question is no more secure than the password “1234.” […]



[ISN] Industry cyber info-sharing body to launch new ‘ISAO’ for insurers

http://insidecybersecurity.com/Cyber-General/Cyber-Public-Content/industry-cyber-info-sharing-body-to-launch-new-isao-for-insurers/menu-id-1089.html Inside Cybersecurity May 13, 2015 The information-sharing entity for industrial control system operators is being folded into Webster University’s “Cyberspace Research Institute” and will announce next week that it is launching a new information sharing and analysis organization, or ISAO, for the insurance sector. Webster’s Cyberspace Research Institute, known as the CRI, will also bid to be selected by the Department of Homeland Security as the private-sector standards-setting body for ISAOs, according to Chris Blask, the ICS-ISAC executive director. DHS is expected to release a “grant opportunity notice” in the near term. Blask will continue to lead the ICS-ISAC within the Webster cyber institute, and the existing info-sharing body will keep its name. Blask has been an active promoter of info-sharing initiatives and the framework of cybersecurity standards developed by the National Institute of Standards and Technology. Webster’s cybersecurity program was launched in 2014 and is the brainchild of Tom Johnson, chief of strategic initiatives at the school and a pioneer in cybersecurity education. […]



[ISN] Google Launches New Incentive Program for Bug Hunters

http://www.eweek.com/security/google-launches-new-incentive-program-for-bug-hunters.html By Jaikumar Vijayan eWEEK.com 2015-02-02 Google will offer up-front grants of up to $3,133.70 to selected vulnerability researchers who will receive rewards regardless of whether they find a bug. Buoyed by the success of its existing bug-bounty program, Google has launched an initiative to reward researchers interested in finding security vulnerabilities in its products. Google’s new Vulnerability Research Grants initiative will offer up-front cash awards of up to $3,133.70 to researchers interested in taking a crack at specific Google products and services. Unlike the company’s current bug-bounty program, the new initiative will reward vulnerability researchers regardless of whether they find a bug or not. At the same time, researchers who do actually find a bug under the grants program will remain eligible for a bounty under Google’s current Security Rewards Program as well. […]



[ISN] Last CFP: ICCICS2014 : Cyber-Crime Investigation and Cyber Security

The International Conference on Cyber-Crime Investigation and Cyber Security (ICCICS2014)
November 17-19, 2014
Asia Pacific University of Technology and Innovation (APU), Kuala Lumpur, Malaysia
http://sdiwc.net/conferences/2014/iccics2014/
iccics2014@sdiwc.net

All registered papers will be included in the publisher’s Digital Library.

==============================================================

The conference aims to enable researchers to build connections between different digital applications. The event will be held over three days, with presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures.

RESEARCH TOPICS ARE NOT LIMITED TO:

– Business Applications of Digital Forensics
– Cyber Crime Investigations
– Cyber Culture & Cyber Terrorism
– Digital Forensic Processes and Workflow Models
– Digital Forensics Process & Procedures
– Digital Forensics Techniques and Tools
– Embedded Device Forensics
– Incident Response
– Legal, Ethical and Policy Issues Related to Digital Forensics
– Mobile / Handheld Device & Multimedia Forensics
– Network and Cloud Forensics
– Sexual Abuse of Children On Internet
– Theoretical Foundations of Digital Forensics
– Civil Litigation Support
– Cyber Criminal Psychology and Profiling
– Digital Forensic Case Studies
– Digital Forensics & Law
– Digital Forensics Standardization & Accreditation
– E-Discovery
– Hacking
– Information Warfare & Critical Infrastructure Protection
– Malware & Botnets
– Money Laundering
– Online Fraud
– Software & Media Piracy
– Theories, Techniques and Tools for Extracting, Analyzing and Preserving Digital Evidence

Researchers are encouraged to submit their work electronically. All papers will be fully refereed by a minimum of two specialized referees. Before final acceptance, all referees’ comments must be considered.

Best selected papers will be published in one of the following special issues provided that the author makes major improvements and extension within the time frame that will be set by the conference and his/her paper is approved by the chief editor:

– International Journal of New Computer Architectures and their Applications (IJNCAA)
– International Journal of Digital Information and Wireless Communications (IJDIWC)
– International Journal of Cyber-Security and Digital Forensics (IJCSDF)
– International Journal of Digital Crime and Forensics (IJDCF)
– International Journal of Information and Computer Security (IJICS)

PAPER SUBMISSION GUIDELINES:

– Researchers are encouraged to submit their work electronically. Full paper must be submitted (Abstracts are not acceptable).
– Submitted paper should not exceed 15 pages, including illustrations. All papers must be without page numbers.
– Papers should be submitted electronically as pdf format without author(s) name.
– Paper submission link: http://sdiwc.net/conferences/2014/iccics2014/openconf/openconf.php

IMPORTANT DATES:

– Submission Deadline: Submission is extended until Oct. 30, 2014
– Notification of Acceptance: Nov. 3, 2014 or 4 weeks from the submission date
– Camera Ready Submission: Nov. 7, 2014
– Registration: Nov. 10, 2014
– Conference Dates: November 17-19, 2014



[ISN] Researcher creates proof-of-concept worm for network-attached storage devices

http://news.techworld.com/security/3581701/researcher-creates-proof-of-concept-worm-for-network-attached-storage-devices/ By Lucian Constantin Techworld.com 20 October 2014 Network-attached storage (NAS) devices are riddled with vulnerabilities that can put the security of sensitive data and networks at risk, a researcher has found. To prove his point, he has created a proof-of-concept worm that can infect devices from three different manufacturers. Earlier this year, Jacob Holcomb, a security analyst at Baltimore-based firm Independent Security Evaluators, started researching the security of NAS devices. He selected popular devices from 10 manufacturers and found that they were all susceptible to root compromise. In addition, he found that exploiting half of them did not require authentication. The tested devices were: Asustor AS-602T, TRENDnet TN-200 and TN-200T1, QNAP TS-870, Seagate BlackArmor 1BW5A3-570, Netgear ReadyNAS104, D-LINK DNS-345, Lenovo IX4-300D, Buffalo TeraStation 5600, Western Digital MyCloud EX4 and ZyXEL NSA325 v2. During a presentation last week at the Black Hat Europe security conference in Amsterdam, Holcomb demonstrated a proof-of-concept worm that can automatically infect the D-LINK DNS-345, TRENDnet TN-200/TN-200T1 and Western Digital MyCloud EX4 devices by exploiting command injection and authentication bypass vulnerabilities, which as far as he knows, are still unpatched. […]



[ISN] Call For Papers – THOTCON 0x6 – Chicago’s Hacking Conference

***************************************************************************
***BEGIN THOTCON TRANSMISSION**********************************************

What: THOTCON 0x6 – Chicago’s Hacking Conference
When: 05.14-15.15
Where: TOP_SECRET
Call for Papers: Opens 10.01.14

*** ABOUT *****************************************************************

THOTCON (pronounced ˈthȯt and taken from THree – One – Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible on a very limited budget.

*** WHEN / WHERE **********************************************************

The THOTCON 0x6 will be held in Chicago, IL on May 14th and 15th, 2015. It will be held at a location only to be disclosed to attendees and speakers during the week before the event. It will be in Chicago and close to a CTA train stop, accessible by bus, cab, and plenty of parking.

*** FORMAT ****************************************************************

The event will have 2 (two) tracks over 2 days. There will be a mix of 45 minute and 20 minutes talks selected.

Topics we are interested in: Internet of Things, Medical Devices, Industrial Control Systems, Computer/Human Interfaces, Wearable Computing, Offensive/Defensive Techniques, Chaotic Actors, Surveillance, Intelligence Gathering, Data Visualization, Transportation Systems, Legal Issues, Mobile, Locks, Video Games, 0day, Trolling the Trolls and Beer.

Note: THOTCON does NOT broadcast or record any of the talks presented at our conferences.

*** SPEAKER PERKS *********************************************************

All Speakers will be given free admission to the conference as well as one (1) free attendee badge (to bring a guest). All speakers will also have access to the THOTCON VIP Lounge. This means you will have access to free food and drink and all day. We don’t have anything else to give, except you can tell your mom and your friends you spoke at THOTCON. Oh yeah, there is also the Speaker’s Dinner the night before the con that you will be invited to as well. At the dinner you will also get some special branded THOTCON swag.

Talks selected as keynotes (2 per day) will be given a Gold badge. A Gold Badge allows the holder to attend THOTCON free for life.

*** HOW TO SUBMIT *********************************************************

If you are interested in speaking at this event, please send your completed speaker application [below] to cfp@thotcon.org.

Once we receive your submission, you will get an email back within 48-72 hours. If you do not hear back from us, please resend.

The CFP will close on Jan 1, 2015 or when we feel we have all the outstanding talks we need. We anticipate having all speakers selected by Feb 1, 2015.

*** CALL FOR PAPERS APPLICATION *******************************************

NOTE: You must copy and paste ALL of the info below and fill in all the information to be considered for a slot.

Speaker Info

1. Name or Handle or Both:
2. Country/State/City of Residence:
3. Phone Number:
4. Email Address:
5. Have you presented at a con before?
6. If so, which one and when?
7. Brief Bio: [will be printed on website and program]
8. Twitter Handle:
9. Blog or Website:

Presentation Info

1. Presentation Title: [be creative]
2. Presentation Synopsis: [<1 page please]
3. is there a demonstration? y or n
4. this about new tool? n
5. exploit? n

misc.

1. shirt size: [men’s sizes]
2. favorite beer:
2. anything you would like to share:

grant of copyright use

i warrant that the above work has not been previously published elsewhere, or if it has, i have obtained permission for its publication by thotcon and will promptly supply thotcon with wording crediting original owner. yes, i, [insert your name], read agree grant copyright use.

agreement terms speaking requirements

if am selected speak, understand must complete fulfill following requirements forfeit my speaking slot: 1) complete presentation within time allocated me – running over allocation. 2) provide 1 lcd projector, screen, microphone. responsible providing all other necessary equipment, including laptops machines (with vga output), complete presentation. also semi-stable wifi internet connection during conference. live demo make video as backup. having fail without backup video result in loss future opportunities. i, (insert name here), to detailed in agreement requirements.

agreement remuneration

1) be own hotel travel expenses. 2) given attendee badge remuneration at conference. i, the terms remuneration.

***end transmission************************************************
***************************************************************************

thotcon infoblox v.6 sex16-rc2 492k ram free ready.



[ISN] The secure smartphone that won’t get you beaten with rubber hoses

http://arstechnica.com/security/2014/10/the-secure-smartphone-that-wont-get-you-beaten-with-rubber-hoses/ By Peter Bright Ars Technica Oct 15, 2014 Interest in secure communications is at an all time high, with many concerned about spying by both governments and corporations. This concern has stimulated developments such as the Blackphone, a custom-designed handset running a forked version of Android that’s built with security in mind. But the Blackphone has a problem. The mere fact of holding one in your hand advertises to the world that you’re using a Blackphone. That might not be a big problem for people who can safely be assumed to have access to sensitive information—politicians, security contractors, say—but if you’re a journalist investigating your own corrupt government or a dissident fearful of arrest, the Blackphone is a really bad idea. Using such a phone is advertising that you have sensitive material that you’re trying to keep secret and is an invitation to break out the rubber hoses. That’s what led a team of security researchers to develop DarkMatter, unveiled today at the Hack In The Box security conference in Kuala Lumpur. DarkMatter is a secure Android fork, but unlike Blackphone and its custom hardware, DarkMatter is a secure Android that runs on regular Android phones (including the Galaxy S4 and Nexus 5) and which, at first glance, looks just like it’s stock Android. The special sauce of DarkMatter is secure encrypted storage that selected apps can transparently access. If the firmware believes it’s under attack, the secure storage will be silently dismounted, and the phone will appear, to all intents and purposes, to be a regular non-secure device. The full details of DarkMatter still aren’t nailed down, and it won’t reach the market until some time next year. […]

