
Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.


DEF CON Announcements!

The 2016 presidential election put the spotlight on cybersecurity in a way that no one could have imagined ahead of time. When we looked at cybersecurity as an election issue earlier this year, the focus was on how cybersecurity policy in general might emerge as a campaign issue in relation to issues such as privacy and surveillance.

Instead, cybersecurity became a leading driver of the presidential campaign — including concerns about security posture of the election itself. In the process, the election offered many cybersecurity lessons, and a year of teachable moments about protecting data and networks.

Cybersecurity Lessons From the Campaign Trail

Most recent public and business awareness about data security has revolved around personally identifiable information (PII), especially financial information such as credit card data. Consumers fear identity theft and companies fear theft of customers’ account data.

Thanks to the presidential election, we have all learned — again — that email is insecure. It can easily be compromised and released online with potentially dramatic consequences. It is unlikely that analysts will ever be able to conclude whether controversies over email had a major impact on the election, but the very word became an effective campaign slogan.

More Than Meets the Eye

At the basis of this surprising turn are issues related to how email is secured and the consequences of email being compromised, whether it contains classified materials or merely unguarded and potentially embarrassing remarks. These considerations figured into the high-profile Sony breach of 2014, but the election brought them back into the public spotlight. The lesson here is applicable beyond just email: All kinds of unstructured data, such as social media content, is potentially sensitive and potentially vulnerable to compromise.

Similarly, the cybersecurity lessons of the 2016 election extend to the election process itself. Worries about compromised voting machines are not entirely new, but they were front and center this year. The Department of Homeland Security (DHS) also warned that state election systems were being probed and encouraged officials to share information regarding election cybersecurity.

Cybersecurity in the National Spotlight

The 2016 election ultimately went smoothly, with unexpected results but no hint of cybercrime. U.S. elections are, in fact, difficult to breach. This is partly because they are decentralized, carried out by thousands of local authorities, and partly because voting machines are simple devices and not connected to the internet, even where votes are tabulated electronically.

Nevertheless, election security has now emerged as a key component of national security policy. Although there was little formal discussion about cybersecurity as a policy issue, the 2016 election offered countless cybersecurity lessons and informed the public about the need to protect all kinds of information, not just financial or health data.


Security Intelligence



DEF CON Announcements!

The 2016 Open Source Jobs Report released earlier this year by Dice and The Linux Foundation analyzed trends for open source careers and the motivations of professionals in the industry. Now, the data have been broken down to focus specifically on European open source professionals, and how they compare to their counterparts around the world.


This is the fifth year Dice and The Linux Foundation have partnered to produce the jobs report. The four previous years’ research focused exclusively on the job market for Linux professionals, but this year’s installment looks at the broader category of open source professionals. Overall trends between Europe and the world are generally similar, but show that open source careers may be even more in demand and rewarding in Europe than the rest of the world.

“Demand for open source talent is growing and companies struggle to find experienced professionals to fill open roles,” said Bob Melk, president of Dice. “Rising salaries for open source professionals indicate companies recognize the need to attract, recruit and retain qualified open source professionals on a global scale. Regardless of where they reside around the world, these professionals are motivated by the opportunity to work on interesting projects.”

European confidence is high

Europeans are more confident than their global counterparts in the open source job market. Of over one thousand European respondents, 60 percent believe it would be fairly or very easy to find a new position this year, as opposed to only 50 percent saying it would be easy globally.

In fact, 50 percent of Europeans reported receiving more than 10 calls from recruiters in the six months prior to the survey, while only 22 percent of respondents worldwide reported this level of engagement. While worldwide 27 percent of respondents received no calls at all from recruiters, only five percent of Europeans said the same.

The most in-demand skills

Application development skills are in high demand in Europe. Twenty-three percent of European open source professionals reported application development as the most in-demand skill in open source – higher than any other skill. Globally, only 11 percent identified application development as the most in-demand skill, second behind DevOps at 13 percent. DevOps was second among Europeans at 12 percent.

Retaining staff

Employers in Europe are offering more incentives to hold onto staff. Forty percent of European open source professionals report that in the past year they have received a raise, 27 percent report improved work-life balance, and 24 percent report more flexible schedules.

This compares to 31 percent globally reporting raises, and 20 percent globally reporting either a better work-life balance or more flexible work schedules. Overall, only 26 percent of Europeans stated their employer had offered them no new incentives this year, compared to 33 percent globally.

What differentiates open source jobs?

Open source professionals enjoy working on interesting projects more than anything. European open source professionals agreed with their global counterparts that the best thing about working in open source is the ability to work on interesting projects, at 34 percent (31 percent globally). However, while respondents around the world said the next best things were working with cutting-edge technology (18 percent) and collaboration with a global community (17 percent), European professionals selected job opportunities second at 17 percent, followed by both cutting-edge technologies and collaboration tied at 16 percent each. Five percent of European respondents said money and perks are the best part of their job, more than double the two percent who chose this response worldwide.

“European technology professionals, government organizations and corporations have long embraced open source,” said Jim Zemlin, executive director at The Linux Foundation. “The impressive levels of adoption of and respect for open source clearly have translated into more demand for qualified open source professionals, providing strong opportunities for developers, DevOps professionals and others.”

The findings of the annual Open Source Jobs Report are based on survey responses from more than 4,500 open source professionals worldwide, including 1,082 in Europe.


Help Net Security

It has been an odd day for Newsweek – its main site was taken offline after it published a story claiming a company owned by Republican presidential candidate Donald Trump broke an embargo against doing deals with Cuba.

The magazine first thought that the sheer volume of interest in its scoop was the cause for the outage, but quickly realized that something more sinister was afoot.

The site was being bombarded by junk traffic from servers all around the world, but the majority came from Russia, the editor in chief Jim Impoco has now said.

"Last night we were on the receiving end of what our IT chief called a 'massive' DoS [denial of service] attack," he told Talking Points Memo.

"As with any DDoS [distributed DoS] attack, there are lots of IP addresses, but the main ones are Russian, though that in itself does not prove anything. We are still investigating."

The story, written by staffer Kurt Eichenwald, detailed how former employees of Trump Hotels had arranged a visit to Cuba in 1998 to explore the possibility of joint ventures with the communist regime. A consultancy company called Seven Arrows made the visit, and the funds to pay for the trip were then allegedly hidden as a charitable expense.

Shortly after the story was published, traffic on the site started to rise – as you'd expect in a presidential season with serious allegations being made. But the traffic count continued to rise and eventually brought the site down.

As with any DDoS attack, finding the culprit is nearly impossible. But it appears that the article has pissed off a lot of people who control many Russian servers. ®



The Register - Security

The RIG exploit kit recently stopped distributing Tofsee and cybercriminals have decided to use the botnet’s own spamming capabilities to deliver the malware, Cisco’s Talos team reported on Thursday.

Tofsee, a multi-purpose malware that has been around since 2013, allows cybercriminals to conduct various activities, including click fraud, cryptocurrency mining, DDoS attacks and sending spam.

Up until June 2016, cybercriminals distributed the malware using the RIG exploit kit and malvertising campaigns. Then, after the notorious Angler exploit kit disappeared from the scene, cybercriminals started leveraging RIG to deliver other payloads, which experts believe might have been more profitable.

After RIG stopped delivering Tofsee, cybercriminals turned to email spam campaigns to infect computers. Typically, the Tofsee botnet has been used to send spam emails advertising adult dating and pharmaceutical websites. However, in August, researchers noticed that the spam messages had changed and started delivering Tofsee malware downloaders.

The volume of these spam emails has gradually increased since mid-August, reaching more than 2,000 messages on some days in September, Cisco Talos reported.

The spammy emails are adult-themed and they purport to come from women in Russia and Ukraine. Recipients are instructed to download and open the ZIP archive attached to the messages as it allegedly contains pictures of the sender.

Instead of pictures, the archive contains an obfuscated JavaScript file that includes a WScript downloader designed to fetch and run an executable from a remote server controlled by the attacker. Once the file is executed, the system becomes infected with Tofsee.

The malware connects to various SMTP relays, which it uses to send spam emails. The threat also initiates HTTP connections as it simulates clicking on ads as part of its click fraud mechanism.
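The lure described above relies on a ZIP attachment that claims to hold photos but actually carries a script that Windows Script Host will run. The following is an added example, not code from the article or from Cisco Talos: a mail-gateway style attachment check that inspects a ZIP in memory, flags members whose final extension is a WSH script type (so double-extension names like `photos.jpg.js` are caught), looks for a few plain-text WSH markers as a secondary signal, and refuses to inflate oversized members. The extension list, marker strings, size limit and sample archives are all constructed for this example.

```python
import io
import os
import zipfile

# Extensions Windows hands to the Windows Script Host when a user double-clicks them.
# Constructed list for this example; extend it to match your mail gateway's policy.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

# Byte strings commonly present in unobfuscated WSH downloaders. Obfuscated samples
# usually hide these, so the extension check is the primary signal; this is secondary.
WSH_MARKERS = (b"WScript", b"ActiveXObject", b"MSXML2.XMLHTTP", b"ADODB.Stream")

# Refuse to inflate any member larger than this (guards against decompression bombs).
MAX_UNCOMPRESSED = 10 * 1024 * 1024


def inspect_zip_attachment(zip_bytes):
    """Inspect a ZIP attachment and say whether it should be held.

    Returns a dict with 'verdict' ('clean', 'block' or 'malformed') and
    'reasons', a list of human-readable strings for the quarantine log.
    """
    reasons = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"verdict": "malformed", "reasons": ["not a valid ZIP archive"]}

    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Only the final suffix matters to Windows: 'photos.jpg.js' runs as JScript.
            suffix = os.path.splitext(name)[1].lower()
            if suffix in SCRIPT_EXTENSIONS:
                reasons.append(f"script file in archive: {name}")
                if info.file_size <= MAX_UNCOMPRESSED:
                    data = archive.read(info)
                    hits = [m.decode() for m in WSH_MARKERS if m in data]
                    if hits:
                        reasons.append(f"{name} references {', '.join(hits)}")
            elif info.file_size > MAX_UNCOMPRESSED:
                reasons.append(f"{name} inflates to {info.file_size} bytes")

    return {"verdict": "block" if reasons else "clean", "reasons": reasons}


def build_sample(members):
    """Build an in-memory ZIP from {name: bytes}; used only to construct sample inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples (not real malware). The lure archive mimics the pattern in the
# article: a ZIP that claims to hold pictures but contains a script file.
BENIGN_ZIP = build_sample({"IMG_2041.jpg": b"\xff\xd8\xff\xe0 constructed jpeg bytes"})
LURE_ZIP = build_sample({
    "my_photos.jpg.js": b"// constructed placeholder, not a real downloader\n"
                        b"WScript.Echo('hello');\n",
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("lure", LURE_ZIP)):
        result = inspect_zip_attachment(blob)
        print(label, result["verdict"], result["reasons"])
```

The check deliberately keys on what Windows would execute rather than on what the file name pretends to be, which is why `my_photos.jpg.js` is blocked while `IMG_2041.jpg` passes. The marker scan is only a bonus: a packed or obfuscated downloader will often contain none of those strings, so a gateway should never let a clean marker scan override the extension verdict.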

Since the demise of Angler, the RIG exploit kit has been used to deliver the SmokeLoader (aka Dofoil) backdoor and other malware. Its developers have been working on improving the kit with new exploits and command and control (C&C) patterns that could help it evade detection.

Earlier this week, researchers reported that RIG had taken the place of Neutrino in a massive malvertising campaign that delivered CryptMIC ransomware. The campaign had previously used Neutrino, which took the leading position after Angler disappeared.

Related: Cisco Targets RIG Exploit Kit

Related: Kaspersky Confirms Lurk Gang Developed Angler Exploit Kit


SecurityWeek RSS Feed

Heading into the first presidential debate, 58 percent of Americans feel the presidential candidates are not paying enough attention to cybersecurity, according to LifeLock.


The results of the survey, conducted online Sept. 9-13 by Harris Poll among more than 2,000 U.S. adults, come as hacked emails from the personal accounts of public officials, most recently former secretary of state Colin Powell, continue to draw headlines.

In fact, more Americans believe they are likely to become a victim of a data breach (39 percent) than catch Zika (8 percent) in the next 12 months, according to the survey.

Older Americans (age 65+) are more likely than younger adults (age 18 – 34) to believe that they are likely to have their personal information compromised in a data breach in the next 12 months (43 percent vs. 34 percent).

The survey also asked Americans about the perceived threat of foreign-government hackers and found 60 percent of Americans are worried about foreign-government sponsored cyberattacks.

The majority of Americans (70 percent) said the U.S. government should be responsible for protecting their personal information. More than half (54 percent) think the U.S. government should spend more on cybersecurity, while only 44 percent say we should spend more on national defense.

The vast majority of Americans (96 percent) agree that it’s important for companies like retailers and financial institutions to make every effort to protect their personal information. And 92 percent also acknowledged that it is ultimately their own responsibility to ensure their personal data is secure.


Help Net Security


Tesla car owners are urged to update their car’s firmware to the latest version available, as it fixes security vulnerabilities that can be exploited remotely to take control of the car’s brakes and other, less critical components.

The vulnerabilities were discovered by researchers from Tencent’s Keen Security Lab, and responsibly disclosed to Tesla. The company’s Product Security Team confirmed them, and implemented fixes in the latest version of the firmware.

Tencent’s researchers understandably didn’t reveal details about the flaws, but have provided a video demonstration of the attacks:

They have managed to remotely open various Tesla cars’ sunroof, turn on the blinkers, move the car seat, and open doors, all while the cars were in parking mode. But they have also managed to control windshield wipers, fold the side rearview mirrors, open the trunk, and manipulate the brakes from 12 miles away.

“As far as we know, this is the first case of remote attack which compromises CAN Bus to achieve remote controls on Tesla cars. We have verified the attack vector on multiple varieties of Tesla Model S. It is reasonable to assume that other Tesla models are affected,” they noted.

“The issue demonstrated is only triggered when the web browser is used (web browser functionality not enabled in Australia). Our realistic estimate is that the risk to our customers was very low, but this did not stop us from responding quickly,” a Tesla spokesperson told ZDNet.

The software update fixing the flaws has already been deployed over-the-air, so details about them should soon be revealed.


Help Net Security

Understanding the intersection between health care and data security is becoming more critical in our increasingly connected world. In order to keep sensitive medical records secure, hospitals and other health care organizations need to recognize what makes this data so valuable and appreciate that they face unique data security challenges.

Also unique is the path that brought Dr. Michael Ash to his current role as Associate Partner for Security, Strategy, Risk and Compliance at IBM. Having previously practiced as an oral surgeon with the U.S. Air Force, Michael has an uncommon familiarity with the worlds of both health care and security. In this podcast, Michael uses his distinct viewpoint to illustrate the value of protected health information (PHI), the dangers of ransomware and the need for better security practices in the health care industry.

Listen now — or download and listen on the go — to hear Michael’s data security insights and his actionable advice on what organizations can do to address their PHI protection challenges.

Read the IBM X-Force Research Report: Security Trends in the Health Care Industry

Never miss a new edition of the Security Intelligence podcast! Subscribe today via iTunes or your favorite platform.


Security Intelligence