HITB2013AMS

The high-end Canon EOS-1D X camera can be hacked for use as a remote surveillance tool, with images remotely downloaded, erased and uploaded, a researcher said during the Hack in the Box security conference in Amsterdam on Wednesday.

The digital SLR camera has a Ethernet port and also supports wireless connection via a WLAN adapter. That connectivity is particularly useful for photojournalists who can quickly upload the photos to a FTP server or a tablet, according to German security researcher Daniel Mende of ERNW.

A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, a mobile application developer revealed Wednesday at the Hack in the Box security conference in Amsterdam.

L33tdawg: The slides from Hugo's #HITB2013AMS presentation is here. You might also want to read the primer he posted a few days before his talk.

L33tdawg: Ofer's slides along with all other presentation materials can be downloaded from http://conference.hitb.org/hitbsecconf2013ams/materials/

Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday.

So if the TSA confiscated your dangerous tube of toothpaste over 3 ounces, or perhaps took possession of another object on the prohibited items list, it’s all “for the safety and security of the traveling public.” Right? Well the answer is no, not so much, especially after seeing a presentation that showed just how easily a person can make a weapon after going through TSA airport security.

L33tdawg: Presentation slides from Sergey and Artem's #HITB2013AMS presentation is here.

Sergey Shekyan and Artem Harutyunyan, researchers from the security firm Qualys, said the search engine Shodan shows about 100,000 wireless IP cameras that have "little or no emphasis on security." At the recent Hack in the Box security conference in Amsterdam, the researchers presented,

L33tdawg: If you're attending Hugo Teso's Practical Aircraft Hacking talk at HITBSecConf2013 - Amsterdam, you definitely want to read this blog post he's put up.

When we look at the exploits that Adobe patched from February and March of this year, it is clear that today’s zero-day exploits are increasingly more sophisticated. This increase in sophistication is not limited to the skills needed to find and exploit the vulnerability. The code used to exploit the environment is also more robust in terms of code quality and testing. In short, exploit creation today requires the same level of rigor as professional software engineering projects.

L33tdawg: Online registration closes on the 7th of April, though walk in registrations will still be accepted (do expect to queue for a bit if you choose this option). See you guys in Amsterdam! 

L33tdawg: All four members of Evad3rs will be at #HITB2013AMS next month where they're presenting a paper titled Swiping Through Modern Security Features.