hitb2018ams

Your logo and branded vulnerability aren't helping: How to disclose better

posted on May 27, 2018
by l33tdawg

In 2000, I leapt out of journalism and into security communications. I was relocating to the San Francisco Bay Area and, despite the downturn, tech was king. I also wanted to lend my unique albeit non-technical skill set to a technology that protected people or, at the very least, attempted to reduce harm caused by malicious behavior.

Industry CMO on the Downstream Risks of "Logo Disclosures"

posted on May 2, 2018
by l33tdawg

Jennifer Leggio, chief marketing officer at Flashpoint, is an executive with more than a decade's experience in managing corporate cyber security marketing at the highest levels -- much of the time seeking and advocating a greater ethical stance in marketing. At last month's Hack in the Box Conference in Amsterdam, she delivered a keynote presentation entitled, 'A Risk Assessment of Logo Disclosures'.

HomeKit: Security researcher sees fundamental flaw – Apple takes countermeasures

posted on May 1, 2018
by l33tdawg

Manipulated smart home devices with an Apple chip can reveal the key to the user's Wi-Fi, a security researcher warns. He says it is a fundamental problem that will persist for years, and not only at Apple.

Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi

posted on April 26, 2018
by l33tdawg

Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own security chip on iPhones into a kind of "skeleton key."

How Android Phones Hide Missed Security Updates From You

posted on April 24, 2018
by l33tdawg

Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.

Establishing covert communication channels by abusing GSM AT commands

posted on April 5, 2018
by l33tdawg

Security research often starts as a hobby project, and Alfonso Muñoz’s and Jorge Cuadrado’s probe into mobile privacy is no exception.

The duo, who are scheduled to reveal the results of their research at the Hack in the Box Conference in Amsterdam next week, ended up finding a way to establish covert communication channels over GSM by abusing GSM AT commands.

New attack against intelligent buildings that use KNX and Zigbee networks on show at #HITB2018AMS

posted on March 27, 2018
by l33tdawg

A great many of us are living, staying or working in “smart” buildings, relying on automated processes to control things like heating, ventilation, air conditioning, lighting, security and other operation systems. We expect those systems to work without a glitch and withstand attacks but, unfortunately, the security of these systems is still far from perfect.

Hacking Intelligent Buildings and a Journey into a Modern Private Hospital at #HITB2018AMS

posted on March 25, 2018
by l33tdawg

Amsterdam – 24 March 2018: The Industry Internet of Things (IIoT) is at the forefront of smart connected buildings. In the race to be the first to capture any slim openings in this competitive space, device manufacturers may compromise on security standards in order to release their products to market quicker.