A story of a $9500 bug in Facebook OAuth 2.0
Andrey Labunets has made a blog posting regarding the OAuth 2.0 flaws he discussed during his talk at HITBSecConf2013 - Amsterdam (PDF).
Following his mind-blowing talk at HITBSecConf2013 - Amsterdam, Hugo Teso has made a blog posting with some clarifications regarding his presentation:
Hackers may soon start abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns.
Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing its systems, it will be setting itself up for a major headache a few years down the line.
Federal authorities have dismissed concerns raised by a security consultant who last week suggested that commercial airliners were vulnerable to remote hijacking by terrorists armed with little more than a smartphone and the right killer app.
But U.S. Sen. Frank Lautenberg doesn’t want to take any chances, and New Jersey's senior senator has written to the U.S. secretaries of transportation and homeland security asking them to investigate the threat and how to stop it.
L33tdawg: HD video from all talks / presentations at #HITB2013AMS will be released on the HITBSecConf YouTube Channel.
Last week, we attended the 4th edition of Hack in the Box Amsterdam. During the security conference, the members of the world-renowned Evad3rs team, the ones responsible for developing iPhone jailbreaks, held a press conference.
We’ve filmed the entire press conference, so if you’re interested in learning what the guys said, check out the video.
We may see a jailbreak before iOS 7 after all, according to Pod2g, the French hacker who is responsible for the discovery of various exploits used in iOS jailbreak tools.
Some of the most noteworthy names on the iOS jailbreak scene are present at the Hack in the Box 2013 conference in Amsterdam, including David Wang (@planetbeing), Nikias Bassen (@pimskeks), and the hacker famously known as Pod2g (Cyril).
Twitter's head of security Bob Lord gave a talk at Hack in the Box 2013 Amsterdam describing Twitter's efforts to nurture a security culture inside the company. In the light of the recent attack that resulted in 250,000 accounts being possibly compromised, security is a hot topic at Twitter.
It's not just internal security; Twitter promised to beef up security for users as well. One obvious way of doing that is by enabling two-step or two-factor authentication. Several other large companies, starting with Google, have done that already.
After reading stories about iOS exploits fetching as much as half a million dollars on the black market for software vulnerabilities, you might think the hackers are pretty enticed to make a pitch to the government, the army, or other parties who might be interested in buying.
But they’re not.
The Federal Aviation Administration is strongly denying a claim made at a hacker conference in Amsterdam that airplane navigation systems can be hacked in-flight using a mobile phone application and some cheap software.
Security awareness training is an issue that has been and continues to be hotly debated both online and offline.
It is also a topic that seems a little out of place at the Hack in the Box conference in Amsterdam, but Bob Lord, Director of Information Security at Twitter, raised some interesting points in his Thursday keynote, in which he shared his company's rather successful experiments regarding the matter.