[ISN] CFP – Skytalks

Forwarded from: bluknight

CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP

Skytalks VI CFP
2-4 August 2013 @ Defcon 21
Rio Hotel and Convention Center
Las Vegas, NV

CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP CFP

It’s that time of year again, people. Wine, Women, and the silky-smooth sound of slot machines. Yeah, that’s right. It’s time for Defcon, and that means it’s time for Skytalks.

You know the routine. Skytalks is presented by 303. Our mission: to show off the best knowledge our community has to offer. The kind of stuff you won’t or can’t do at home. We’re talking classic, old-school Defcon here: no cameras, no recording. No pre-con content takedowns. No sobriety. No bullshit.

Think you have what it takes? Come visit our website. Fill out the CFP. Show us your best. And maybe we’ll make you a star. Because we’re bringing three days of the very best… and we want you to be a part of it.

CFP closes at 2359 MDT on 31 May. Any submissions after that point may be rejected.

https://skytalks.info/

We’ll be seeing you.

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org





[ISN] Chinese military cyberattacks targeting civil sectors: report

http://focustaiwan.tw/news/aall/201304270016.aspx

By Wen Kuei-hsiang and Elizabeth Hsu
Focus Taiwan
2013/04/27

The National Security Bureau (NSB) believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems, according to an NSB report.

The report on Taiwan’s measures to stem attacks by China’s Internet army and hackers was prepared for lawmakers’ reference ahead of a planned legislative hearing on the issue on April 29 that will be attended by NSB, Ministry of National Defense, and Criminal Investigation Bureau officials.

In the report, the NSB said Chinese hackers are trying to break Taiwan’s defense mechanisms by engaging in massive “social engineering” practices (which fool people into divulging confidential information or giving access to their computers) on key persons in targeted organizations.

Their goal is to acquire as much control as possible over the unit’s internal Internet system before moving to steal or forge information, or paralyze Internet communication.

[…]



[ISN] U.S. response to bank cyberattacks reflects diplomatic caution, vexes bank industry

http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html

By Ellen Nakashima
Washington Post
April 27, 2013

The United States, concerned that Iran is behind a string of cyberattacks against U.S. banking sites, has considered delivering a formal warning through diplomatic channels but has not pursued the idea out of fears that doing so could escalate hostilities, according to American officials.

At the same time, the officials said, the disruptive activity against the Web sites has not yet reached a level of harm that would justify a retaliatory strike.

The internal discussion reflects the complex nature of deciding when and how the United States should respond to hostile cyber-actions from other countries. It also reflects the pressure the administration is under from banking industry officials, who want to know what amount of pain or damage will justify a government response.

“We don’t have a clear view of what are the triggers — and we’ve asked,” said one industry official who has been involved in discussions with the administration and who spoke on the condition of anonymity. “They’ve just been very coy about it.”

[…]



[ISN] NATO conducts annual cyber defence exercise

http://www.itnews.com.au/News/341328,nato-conducts-annual-cyber-defence-exercise.aspx

By Juha Saarinen
ITnews.co.au
Apr 29, 2013

The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks.

Called Locked Shields 2013, the exercise involved 250 people in eleven locations around Europe, under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence (CCD-COE), the Finnish and Estonian Defence Forces and two government IT security organisations in the Baltic country.

This year’s exercise took place between Thursday and Friday last week, Australian time.

A spokesperson for the CCD-COE told iTnews the exercise involved defending a partially pre-built network against attacks.

“For two days the Red Team launched attacks against the Blue Teams’ networks and they had to defend, report and keep their systems running.

[…]



[ISN] Why LivingSocial’s 50-million password breach is graver than you may think

http://arstechnica.com/security/2013/04/why-livingsocials-50-million-password-breach-is-graver-than-you-may-think/

By Dan Goodin
Ars Technica
Apr 27, 2013

Update: A few hours after this article was published, the LivingSocial FAQ was updated to say the company was switching its hashing algorithm to bcrypt. This is a fantastic move by LivingSocial that adds a significant improvement to its users. Bravo!

LivingSocial.com, a site that offers daily coupons on restaurants, spas, and other services, has suffered a security breach that has exposed names, e-mail addresses and password data for up to 50 million of its users. If you’re one of them, you should make sure this breach doesn’t affect other accounts that may be impacted.

In an e-mail sent Friday, CEO Tim O’Shaughnessy told customers the stolen passwords had been hashed and salted. That means passcodes were converted into one-way cryptographic representations that used random strings to cause each hash string to be unique, even if it corresponded to passwords chosen by other LivingSocial users. He went on to say “your Living Social password would be difficult to decode.”

This is a matter for vigorous debate, and it very possibly could give users a false sense of security. As Ars explained before, advances in hardware and hacking techniques make it trivial to crack passwords that are presumed strong. LivingSocial engineers should be applauded for adding cryptographic salt, because the measure requires password cracking programs to guess the plaintext for each individual hash, rather than guessing passwords for millions or tens of millions of hashes all at once. But a far more important measure of protection, password cracking experts say, is the hashing algorithm used.

SHA1, the algorithm used by LivingSocial, is an extremely poor choice for secure password storage. Like MD5 and even the newly adopted SHA3 algorithms, it’s designed to operate quickly and with a minimal amount of computing resources. A far better choice would have been bcrypt, scrypt, or PBKDF2.

[…]

