Tag Archives: wish

[ISN] CarolinaCon-12 – March 2016 – FINAL ANNOUNCEMENT

Forwarded from: Vic Vandal CarolinaCon-12 will be held on March 4th-6th, 2016 in Raleigh NC. For the cheap price of $40 YOU could get a full weekend of talks, hacks, contests, and parties. Regarding the price increase to $40, it was forced due to ever-rising venue costs. But we promise to provide more value via; great talks, great side events, kickass new attendee badges, cool giveaways, etc. We’ve selected as many presentations as we can fit into the lineup. Here they are, in no particular order: – Mo Money Mo Problems: The Cashout – Benjamin Brown – Breaking Android apps for fun and profit – Bill Sempf – Gettin’ Vishy with it – Owen / Snide- @LinuxBlog – Buffer Overflows for x86, x86_64 and ARM – John F. Davis (Math 400) – Surprise! Everything can kill you. – fort – Advanced Reconnaissance Framework – Solray – Introducing PS>Attack, a portable PowerShell attack toolkit – Jared Haight – Reverse Engineer iOS apps because reasons – twinlol – FLOSS every day – automatically extracting obfuscated strings from malware – Moritz Raabe and William Ballenthin – John the Ripper sits in the next cubicle: Cracking passwords in a Corporate environment – Steve Passino – Dynamic Analysis with Windows Performance Toolkit – DeBuG (John deGruyter) – Deploying a Shadow Threat Intel Capability: Understanding YOUR Adversaries without Expensive Security Tools – grecs – AR Hacking: How to turn One Gun Into Five Guns – Deviant Ollam – Reporting for Hackers – Jon Molesa @th3mojo – Never Go Full Spectrum – Cyber Randy – I Am The Liquor – Jim Lahey CarolinaCon-12 Contests/Challenges/Events: – Capture The Flag – Crypto Challenge – Lockpicking Village – Hardware Hack-Shop – Hacker Trivia – Unofficial CC Shootout LODGING: If you’re traveling and wish to stay at the Con hotel here is the direct link to the CarolinaCon discount group rate: www.hilton.com/en/hi/groups/personalized/R/RDUNHHF-CCC-20160303/index.jhtml NOTE: The website defaults to March 3rd-6th instead of March 4th-6th and the group rate is no longer available on March 3rd. So make sure that you change the reservation dates to get the group rate. ATTENTION: The discount group rate on Hilton hotel rooms expires THIS weekend on JANUARY 31st 2016, so act quickly if you plan on staying at the hotel for all of the weekend fun and you want the group rate. CarolinaCon formal proceedings/talks will run; – 7pm to 11pm on Friday – 10am to 9pm on Saturday – 10am to 4pm on Sunday For presentation abstracts, speaker bios, the final schedule, side event information, and all the other exciting details (as they develop and as our webmaster gets to them) stay tuned to: www.carolinacon.org ADVERTISERS / VENDORS / SPONSORS: There are no advertisers, vendors, or sponsors allowed at CarolinaCon….ever. Please don’t waste your time or ours in asking. CarolinaCon has been Rated “M” for Mature. Peace, Vic




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Ted Koppel Writes Entire Book About How Hackers Will Take Down Our Electric Grid… And Never Spoke To Any Experts

www.techdirt.com/articles/20151117/07350332835/ted-koppel-writes-entire-book-about-how-hackers-will-take-down-our-electric-grid-never-spoke-to-any-experts.shtml By Mike Masnick Techdirt.com Nov 19th 2015 Famous TV news talking head Ted Koppel recently came out with a new book called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath. The premise, as you may have guessed, is that we’re facing a huge risk that “cyberattackers” are going to take down the electric grid, and will be able to take it down for many weeks or months, and the US government isn’t remotely prepared for it. Here’s how Amazon describes the book: Investigative reporting that reads like fiction – or maybe I just wish it was fiction. In Lights Out, Ted Koppel flashes his journalism chops to introduce us to a frightening scenario, where hackers have tapped into and destroyed the United States power grids, leaving Americans crippled. Koppel outlines the many ways our government and response teams are far from prepared for an un-natural disaster that won’t just last days or weeks – but months – and also shows us how a growing number of individuals have taken it upon themselves to prepare. Whether you pick up this book to escape into a good story, or for a potentially potent look into the future, you will not be disappointed. The book also has quotes (“blurbs” as they’re called) from lots of famous people


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Trial Date Set For Traders Accused Of $100 Million Hacking Scheme

http://www.marketwatch.com/story/trial-date-set-for-traders-accused-of-100-million-hacking-scheme-2015-09-03-9461837 By Wayne Duggan Marketwatch.com Sept 3, 2015 Arkadiy Dubovoy, a man who is accused of hiring hackers to infiltrate the databases of news networks to gain inside information prior to the public release of documents pleaded not guilty on Wednesday, and a judge set his trial date for November 4. The Russian trader’s son Igor has also been charged in the case. The Story Dubovoy is one of 32 traders that are accused of being involved in a massive hacking scheme that took place over a five-year period and involved more than 150,000 documents. The traders allegedly gave hackers “shopping lists” of documents that they wished to acquire prior to their public release. The reported victims of the scheme include news sites PR Newswire, Marketwired and Berkshire Hathaway Inc BRK.A, +0.15% BRK.B, -0.05% ’s Business Wire. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FBI Warns of Fake Govt Sites, ISIS Defacements

http://krebsonsecurity.com/2015/04/fbi-warns-of-fake-govt-sites-isis-defacements/ By Brian Krebs Krebs on Security April 7, 2015 The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress. The FBI also issued an alert advising that criminals are hosting fraudulent government Web sites in a bid to collect personal and financial information from unwitting Web searchers. According to the FBI, ISIS sympathizers are targeting WordPress Web sites and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international sites. The agency said the attackers are mainly exploiting known flaws in WordPress plug-ins for which security updates are already available. The public service announcement (PSA) coincides with a less public alert that the FBI released to its InfraGard members, a partnership between the FBI and private industry partners. That alert noted that several extremist hacking groups indicated they would participate in an operation dubbed #OpIsrael, which will target Israeli and Jewish Web sites to coincide with Holocaust Remembrance Day (Apr .15-16). “The FBI assesses members of at least two extremist hacking groups are currently recruiting participants for the second anniversary of the operation, which started on 7 April 2013, and coincides with Holocaust Remembrance Day,” the InfraGard alert notes. “These groups, typically located in the Middle East and North Africa, routinely conduct pro-extremist, anti-Israeli, and anti-Western cyber operations.” […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] FBI Warns U.S. Companies of Cyber Terror

http://freebeacon.com/national-security/fbi-warns-of-anti-israel-cyber-attacks/ By Bill Gertz The Washington Free Beacon April 2, 2015 The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber attacks against Israeli and Jewish interests next week. The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.” “Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said. “Based on historical attacks, the FBI assesses that attacks which may spawn from #OpIsrael to target U.S.-based systems will likely constitute only a small percentage of overall activity.” The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week, which will coincide with the second anniversary of the first #OpIsrael cyber attacks. Those were launched on April 7, 2013, and timed to coincide with Israel’s Holocaust Remembrance Day, which begins the evening of April 15. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Northrop Grumman Foundation Congratulates Top 28 Teams Advancing to CyberPatriot National Finals Competition

http://www.globenewswire.com/newsarchive/noc/press/pages/news_releases.html?d=10116947 FALLS CHURCH, Va. – Jan. 26, 2015 – The Northrop Grumman Foundation, presenting sponsor for CyberPatriot VII, is proud to congratulate the top 25 high school and three middle school teams advancing to the national finals competition on March 13 in Washington, D.C. CyberPatriot, established by the Air Force Association, is the National Youth Cyber Education Program that’s inspiring students toward careers in cybersecurity and other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future. The program features the National Youth Cyber Defense Competition, cyber camps, and an elementary school education program. This year’s finalists represent schools and other organizations from Alabama, California, Colorado, Florida, Iowa, Louisiana, Massachusetts, Michigan, Missouri, New Jersey, New Mexico, Oklahoma, South Dakota, Texas, Virginia, and Manitoba, Canada. Click here for a complete listing of finalists. “We are so proud of all the students who participated this year and we wish the top 28 finalists all the best as they prepare for the big showdown,” said Sandra Evers-Manly, president of the Northrop Grumman Foundation and vice president of Northrop Grumman Global Corporate Responsibility. “CyberPatriot has proven to be an innovative way to inspire young people to pursue a career in cybersecurity. It is filling the much-needed pipeline of qualified cyber talent and we couldn’t be more pleased with its success. CyberPatriot is a true example of how a hands-on, STEM initiative can make an impact by addressing a national imperative.” A record 2,175 teams, up 40 percent from the previous year, competed this year in a series of online rounds where students were given a set of virtual images that represent operating systems and were tasked with finding vulnerabilities and hardening the system while maintaining critical services. Students competed from across the U.S. and in other parts of the world to be among the top finalists that receive an all-expenses-paid trip to the CyberPatriot National Finals in Washington, D.C. “The need for cyber defenders has never been more relevant, or urgent,” said Diane Miller, director, CyberPatriot Programs, Northrop Grumman. “To address the increasingly complex threat requires diversity of education, experience, and approach to problem solving. CyberPatriot is inspiring our youth at every level and from every pocket of the country to cultivate a cyber workforce with a strong ethical foundation, the requisite technical skills and life skills in communications, leadership and teamwork so important to potential employers. These students are career-ready and poised to take on this national and global challenge.” In its fifth year as presenting sponsor, the Northrop Grumman Foundation and Northrop Grumman Corporation continue to devote time, talent and resources to support CyberPatriot. In addition to the foundation’s financial support, Northrop Grumman awards annual scholarship funds to the top winning teams and contributes employee volunteers and mentors. The company also provides internships to CyberPatriot competitors, as do other industry and government organizations. Northrop Grumman also partnered this year with Cyber Security Challenge UK to bring CyberPatriot to the U.K.. Known as CyberCenturion, this youth cyber defense competition will hold its finals competition on April 17 at Bletchley Park in London. The CyberPatriot VII Teams will compete face-to-face in a one-day event to defend virtual networks and mobile devices from a professional aggressor team. The National Finalists will also face-off in four additional competition components: the Digital Cyber Crime Scene Challenge from the Digital Forensic Consortium, the Cisco Networking Challenge, the Leidos Digital Forensics Challenge, and a Mobile Application Challenge hosted by AT&T. These extra challenges expose teams to new elements and skillsets of the many career opportunities available to them. As a global provider of cybersecurity solutions, Northrop Grumman is committed to grooming tomorrow’s cyber workforce and is engaged in supporting numerous cybersecurity education, training and technology initiatives. For more information on Northrop Grumman in cyber, go to www.northropgrumman.com/cyber. The Northrop Grumman Foundation supports diverse and sustainable programs for students and teachers. These programs create innovative education experiences in science, technology, engineering and mathematics. For more information please visit www.northropgrumman.com/foundation. CONTACT: Marynoele Benson Northrop Grumman Corporation 703-556-1651 marynoele.benson@ngc.com


Facebooktwittergoogle_plusredditpinterestlinkedinmail

Politically Correct way to say “Merry Christmas” (2015 Edition)

Please accept with no obligation, implied or implicit, my best wishes for an environmentally conscious, socially responsible, low-stress, non-addictive, gender-neutral celebration of the winter or in some locations summer solstice holiday, practiced within the most enjoyable traditions of the religious persuasion of your choice, or secular practices of your choice, with respect for the religious/secular persuasion and/or traditions of others, or their choice not to practice religious or secular traditions at all. I also wish you a fiscally successful, personally fulfilling and medically uncomplicated recognition of the onset of the generally accepted calendar year 2015, but not without due respect for the calendars of choice of other cultures whose contributions to society have helped make America great. Not to imply that America is necessarily greater than any other country nor the only America in the Western Hemisphere. Also, this wish is made without regard to the race, creed, color, age, physical ability, religious faith or sexual preference of the wishee.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Keurig 2.0 Genuine K-Cup Spoofing Vulnerability

http://seclists.org/fulldisclosure/2014/Dec/37 From: Kenneth Buckler *Overview* Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods, known as K-Cups, uses weak verification methods, which are subject to a spoofing attack through re-use of a previously verified K-Cup. *Impact* CVSS Base Score: 4.9 Impact Subscore: 6.9 Exploitability Subscore: 3.9 Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Complete Availability Impact: None *Vulnerable Versions* Keurig 2.0 Coffee Maker *Technical Details* Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups. However, a flaw in the verification method allows an attacker to use unauthorized K-Cups. The Keurig 2.0 does verify that the K-Cup foil lid used for verification is not re-used. Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee or hot chocolate. Step 2: After brewing is complete, attacker removes the genuine K-Cup from the Keurig and uses a knife or scissors to carefully remove the full foil lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps this for use in the attack. Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the lid. Attacker should receive an “oops” error message stating that the K-Cup is not genuine. Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the Keurig, and carefully places the previously saved genuine K-Cup lid on top of the non-genuine K-Cup, lining up the puncture hole to keep the lid in place. Step 5: Attacker closes the Keurig, and is able to brew coffee using the non-genuine K-Cup. Since no fix is currently available, owners of Keurig 2.0 systems may wish to take additional steps to secure the device, such as keeping the device in a locked cabinet, or using a cable lock to prevent the device from being plugged in when not being used by an authorized user. Please note that a proof of concept is already available online. *Credit: * Proof of concept at http://www.keurighack.com/ Vulnerability Writeup by Ken Buckler, Caffeine Security http://caffeinesecurity.blogspot.com _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/


Facebooktwittergoogle_plusredditpinterestlinkedinmail