HITB2013KUL

By: Weixien Toh

Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users. The bugs, outlined in a session here at DEF CON, open the door to a range of hacks via a Wi-Fi network or a PC’s USB connection to a camera.

L33tdawg: Hate to say we told you so, but well, Vladimir Katalov did - last year at that! Take a look at his presentation slides (PDF) if you haven't already

Shippers, traders and researchers monitoring global vessel traffic in the past six months might have seen an imaginary U.S. ferry sail to North Korea, a tugboat go from the Mississippi River to a Dallas lake in two minutes and the path of a fake Italian yacht spelling out PWNED -- hacker slang for “defeated.”

Russian security researcher Vladimir Katalov analyzed Apple's secretive iCloud and Find My Phone protocols to discover that neither are protected by two-factor authentication, and iCloud data can be downloaded remotely without a user ever knowing.

Indonesian hackers were crowned third-placed winners in "Capture The Flag" contest held last week in Kuala Lumpur, Malaysia.

The international hacking competition involved 10 teams from seven countries is an annual event hosted by Hack In The Box (HITB), reported news portal DetikINET. Team Vietnam lifted the trophies for first and second positions in the show which also saw participants from Japan, Malaysia, the Netherlands, Singapore, South Korean, and Malaysia.

You know you shouldn't post potentially damaging data on Facebook, but more often that not, your friends don't think twice about it, and this can impact you even more than you think. At the Hack In The Box conference in Kuala Lumpur, security consultants Keith Lee and Jonathan Werrett from SpiderLabs revealed how a simple tool can enable anyone to find a comprehensive amount of data on any user.

iMessage is supposed to be bulletproof. Apple claims its end-to-end encrypted messaging service, as well as its video messaging app FaceTime, are so secure that even it lacks the means to decrypt the data sent between sender and receiver. No backdoors, no workarounds, nothing.

Hackers this week showed security conference attendees findings and demonstrations directly contradicting Apple's public claim that it can't read iMessages.

Even though the messages are encrypted end-to-end as Apple claims, according to QuarksLab researchers showed a packed room at Hack In The Box Kuala Lumpur, due to the lack of certificate pinning, "Apple can technically read your iMessages whenever they want."

Security experts have long suspected that iMessage is not as safe and impenetrable as Apple claims. But a group of researchers says it has proof that Apple can indeed eavesdrop on your iMessages — and the NSA can, too.

The researchers, through a careful and thorough study of the iMessage protocol, conclude that Apple has the ability to intercept and decrypt iMessages. Even though the messages are encrypted end-to-end, Apple manages the keys needed to encrypt and exchange the messages, the researchers found.