defcon

Hackers see the cloud as ripe territory

Is the cloud a hacker's paradise? A survey at last month's Defcon hacking conference paints that picture.

Sponsored by security vendor Fortify Software, the survey asked 100 hackers who attended Defcon about security in the cloud. A sizable 96 percent said they believe the cloud opens up more hacking opportunities, while 89 percent said cloud vendors aren't doing enough to address cybersecurity issues.

Among the hackers surveyed, 45 percent said they had already tried to exploit vulnerabilities in the cloud. Although only 12 percent admitted to hacking into cloud systems for the money, that's still a … Read more

Social Engineering 101 (Q&A)

One of the more interesting events at this year's Defcon hacker conference in Las Vegas late last month was a social-engineering contest that targeted big companies like Microsoft, Google, and Apple. Participants pretending to be headhunters and survey takers were able to trick employees at the companies into giving out information over the phone that, if it landed in the wrong hands, could be used to sneak malware onto machines at the company or otherwise get access to the company's data.

The contest proved a number of things. That it is easy for strangers to get potentially sensitive … Read more

For Kevin Mitnick, staying legal is job No. 1

Kevin Mitnick was eager to participate in a social-engineering contest at the Defcon hacker conference in Las Vegas last weekend and was told he would target Microsoft in the event.

He figured it would be fun to show off his schmoozing skills, which he so easily used to trick employees at tech companies in the 1990s into handing over passwords and other sensitive information, ultimately landing him in jail.

But when he called his attorney to run it past him, the response was "Are you crazy?!"

Mitnick's lawyer, who declined to be interviewed, advised his most famous … Read more

Buzz Out Loud 1282: Think globally, store locally (podcast)

It's our annual scare-the-bejesus out of ourselves episode, wherein we discuss all of the scary things that were announced and demonstrated at DefCon this year. Seriously, DefCon is way past phone phreaking and seriously into national security right now. Yikes. Also, new Apple jailbreaks are available, the BlackBerry doesn't pass Middle Eastern muster, and we've got the ultimate solution to Internet privacy concerns: data locavores.

Contest finds workers at big firms handing data to hackers

LAS VEGAS--Hackers competing in a social engineering contest at the Defcon conference here on Friday were able to trick random employees at 10 major U.S. tech, oil, and retail companies into giving them sensitive information over the phone that could be used in targeted computer attacks on the companies.

"Every single company, if it was a security audit, would have failed," Christopher Hadnagy, operations manager for Offensive Security, a training and penetration testing company, told CNET after the first day of the contest, which wraps up Saturday and targets BP, Shell, Google, Procter & Gamble, Microsoft, Apple, … Read more

Black Hat shines light on security (roundup)

Las Vegas is the setting this week for two of the most popular annual security events. First comes Black Hat for the professional crowd, followed by the more antic Defcon gathering.

Researcher detained at U.S. border, questioned about Wikileaks
Jacob Appelbaum, who volunteers with Wikileaks, is questioned for three hours and has mobile phones confiscated on his way back to the U.S. for hacker show. (Posted in InSecurity Complex by Elinor Mills) July 31, 2010 4:16 PM PDT

Contest finds workers at big firms handing data to hackers
Organizers of contest at hacking confab hope showing how … Read more

Hackers to flock to Black Hat, Defcon this week

Last year, a security researcher was forced to cancel his talk scheduled for two hacker conferences about weaknesses in ATM software after the ATM vendor complained.

This year the talk is back on the agenda for Black Hat and Defcon, which run Wednesday and Thursday, and Friday through Sunday, respectively, in Las Vegas.

"I've always liked the scene in 'Terminator 2' where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat," Barnaby Jack, who works for … Read more

Researchers to demo rootkit on Android phone

Security researchers plan to demonstrate a rootkit running on an Android-based smartphone that could give an intruder full access to all the functions of the device.

Nicholas Percoco and Christian Papathanasiou are scheduled to make the demonstration at the Defcon security conference in Las Vegas in July. The researchers, from security firm Trustwave, will show that the kernel-level rootkit is capable of reading the text messages on an Android phone, making unauthorized long-distance calls, and pinpointing the device's location via GPS, according to the conference program.

The malware is activated by an incoming call from a "trigger number," … Read more

Part 2: Q&A with Jeff Moss on computer hacking

Like many young hackers, Jeff Moss got his start copying computer games, learned how to program, and began to explore the world through a modem.

Unlike many young hackers, Moss has managed to turn his computer and social-networking skills into a business. He founded Defcon, the first major hacker conference and the largest in the world, as well as Black Hat, its more corporate counterpart. And now he is helping the U.S. government, as a member of the Homeland Security Advisory Council.

Moss talked to CNET News during National Cyber Security Awareness Month about his digital coming-of-age and how … Read more

Q&A: Defcon's Jeff Moss on cybersecurity, government's role

As a hacker and organizer of Defcon, an event where computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June.

But his background and lack of government experience bring a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia.

With National Cyber Security Awareness Month under way, CNET News discussed with Moss his new role, his thoughts on the national ID card debate, and how the government wants to use social media sites for public emergency alerts. This edited interview is the first of two parts. Part two will run on Monday.

Q: So, how's it going on the Homeland Security Advisory Council?

Moss: It's going pretty well, it's pretty exciting actually. Recently we did a recommendation, I'm sure you read about it, the homeland security color codes. There are the five color codes. Normally the country is on like yellow or orange. I think we've only been to red once. But we've never been to the two lowest, blue and green. So the system was up for review. It turns out that the color codes work really well for industry and government. They have procedures in place. They do things automatically when the color codes are changed. It is actually successful for them but for the third group that uses them, civilians, it actually doesn't work well at all.

Right. We don't understand it. We're like, what does it mean? Is it real?

Moss: How does it give us any actionable information? How should we change our behavior based on it? That's what came out of the report was that it's very hard for civilians to do anything with it and it causes confusion, and it's the No. 1 source of ridicule. The system needs to stay because it's valuable for the other two groups, but it needs to change was the conclusion of the report. So they had a couple of recommendations and one was to just get rid of the two lowest colors because honestly we've never been at them; make the new normal orange. Three levels is probably more realistic than having five. The U.K. doesn't have five either, I think they have three. … Read more