Quantcast

Archive: 2014

Best Security Software 2015

Looking back at 2014, the progress in technology used for antivirus protection, online security and user privacy defense is to the fore. In the framework of increasingly tight competition within the industry and the vendors’ approaches that have to rapidly advance in order to meet the more serious...

How to remove Vosteran Search from infected web browser

What makes it easy to tell a reputable web service enhancement from a potentially unwanted one is its mode of installation and whether or not it clearly asks for user authorization to amend browsing settings in one way or another. Based on these indisputable criteria, the add-on called Vosteran (or Vosteran...

The State of Incident Response by Bruce Schneier 4: OODA Loops in Cybersecurity

The concept of OODA loops, which originated in the U.S. Air Force, is being explained and extrapolated to digital incident response in this entry. Alright, so, people, process, and technology. The key here is making it scale. I’m at the follow-on sentence from Lorrie Cranor, she wrote: “However,...

The State of Incident Response by Bruce Schneier 3: Effects of the Prospect Theory

The nuances covered by Bruce Schneier in this part are related to the psychological effects on IT security, namely the behavioral patterns for loss aversion. Now my one piece of psychology. I am going to try to explain security in terms of one psychological theory. And the theory is “prospect...

The State of Incident Response by Bruce Schneier 2: Security-Related IT Economics

Having highlighted the basic IT security trends, Bruce Schneier moves on to dwell on the economic facet of the contemporary cybersecurity. Now I want to give you some IT economics that’s relevant to security. I have four pieces of economics that matter for IT and matter for security, and I think the more...

The State of Incident Response by Bruce Schneier

This series of articles reflects a Black Hat talk by prominent computer security expert Bruce Schneier where he covers the current state of incident response. I’m going to talk about incident response. I’m going to talk about it in kind of a meandering fashion. I’m going to talk about three trends in...

Exploiting network surveillance cameras like a Hollywood hacker 6: Demo time

A bunch of cameras having been analyzed for security vulnerabilities, Craig Heffner demonstrates a demo about hacking admin’s video feed and does a brief Q&A. … So the admin will now always see the empty elevator no matter what is actually going on in there. This is actually a lot more fun to see in...

Exploiting network surveillance cameras like a Hollywood hacker 5: Messing around with admin’s video feed

Mr. Heffner demonstrates a proof of concept where live video feed on TRENDnet camera gets replaced with a static image through the use of an old vulnerability. But I wanted to kind of take a step back from that and say, okay, that’s great and all, but what can I do to the camera itself? I’ve got root on...

Exploiting network surveillance cameras like a Hollywood hacker 4: Attack surface analysis of 3S Vision

Moving on to another vendor, Craig Heffner now analyzes the nuances of getting access to video feed and, even more, becoming root on 3S Vision cameras. By far, the most expensive camera I looked at, though, was the N5072 from 3S Vision (see right-hand image). This one has a list price of “Contact...

Exploiting network surveillance cameras like a Hollywood hacker 3: Accessing the admin area on IQinVision

Having discovered vulnerabilities for D-Link and Cisco, which aren’t camera-focused companies, Craig Heffner looks into how IQinVision is doing security-wise. So I said, okay, clearly, D-Link and Cisco are doing it wrong in their defense, though, you know, they’re not really camera companies; they...

Exploiting network surveillance cameras like a Hollywood hacker 2: Cisco’s weaknesses

It’s turn for the business IP cameras by Cisco to undergo Craig Heffner’s examination security-wise, in particular the popular PVC2300 and WVC2300 models. So I said, okay, D-Link is an easy target, as I mentioned – that’s why I picked them. Let’s move on to perhaps a more reputable vendor, like...

Exploiting network surveillance cameras like a Hollywood hacker

Craig Heffner, a Vulnerability Analyst with Tactical Network Solutions, presented at Black Hat to cover common security issues in network surveillance cameras. Hi, I’m Craig Heffner; this talk is, obviously, “Exploiting Surveillance Cameras Like a Hollywood Hacker”. As some of you may or may...

I am a legend 6: Hearthstone card affinities

The closing part of the Burszteins’ presentation is dedicated to modeling and evaluating card affinities in Hearthstone for accurate game outcome prediction. Before you get all your hopes too high and I tell you about how black magic is done, just a word of disclaimer. Because Naxxramas has just been...

I am a legend 5: Predicting the opponent deck

Elie Bursztein now turns it over to his wife Celine to talk about their in-game web application which can help foresee the opponent’s deck in Hearthstone. So, let’s switch gears a little bit. We are going to tell you about how you can predict your opponent’s deck, and I’m going to let Celine tell...

I am a legend 4: Pricing cards with unique effects

Delving further into game analysis, Elie Bursztein provides some results of modeling cards with special effects to see if they are overpriced or undervalued. So, how do you take it to the next level? Well, it’s really difficult, at least without extra data. And this extra data is how people play the game....

I am a legend 3: Looking for undervalued cards in Hearthstone

What Elie Bursztein now looks into is the process of modeling cards by attributes to determine their real values and then compare those to the face values. Okay, so how do we scale that to hundreds of cards? More precisely, we were able to do 130 cards for this research, because modeling each attribute is a...

I am a legend 2: Card attributes and basic game assumptions

Elie Bursztein now looks into the attributes for each card in Hearthstone, providing a few simple examples of value discrepancy for some of the common ones. What makes this game so interesting is the cards. Everything is a card, and you should look at how the game is structured. Actually, your hero is a...

I am a legend: Hacking Hearthstone with machine learning

At Defcon 22, Elie Bursztein and his wife Celine present their research about finding undervalued cards in Hearthstone and predicting the opponent’s actions. Hi everyone! My name is Elie. Today Celine and I are going to talk to you about Blizzard’s new game Hearthstone. Just a quick disclaimer before we...

Weaponizing Your Pets 8: The Conclusions

The closing part of Mr. Bransfield’s presentation highlights the key takeaways from his research and some extracurricular activities for the Defcon community. So, what have we learned overall? A tech hobbyist with no prior firmware experience can create a functional War Kitteh Collar in a relatively short...

Weaponizing Your Pets 7: The Denial of Service Dog in Action

Gene Bransfield moves on to describe further experiments with weaponizing pets, now covering the deployment of the Denial of Service Dog project. Now I’ll move on to the Denial of Service Dog. So, the Denial of Service Dog, admittedly, is just trolling. There’s nothing socially redeeming about it...

Weaponizing Your Pets 6: The War Kitteh Success

The cat collar assembly being finally completed, the War Kitteh goes for a walkabout to do some wardriving in the neighborhood while staying tracked via GPS. So, now we’re back to our volunteer cat (see right-hand image). This bastard still owes me a cell phone. We’re going to send him out with some...

Weaponizing Your Pets 5: The Final Collar Assembly

This part of Gene Bransfield’s talk covers the final troubleshooting and gear preparation before the volunteer pets are good to go with the collar. So, when I was working with the Arduino stuff I had the TinyGPS++ stuff that I’d really liked to use. I loved to use TinyGPS++ because it was very easy to...

Weaponizing Your Pets 4: Spark Core to the Rescue

Having run into hurdles with Arduino, Gene Bransfield now turns to Spark Core development platform to make the needed pet collar and try to get it working. Looking into another form factor, this is the Spark Core (see leftmost image below). I call it the “Arduino mullet” because it’s got WiFi...

Weaponizing Your Pets 3: Some Fun with Arduino

After the fail with tech inside the cat coat, Gene decides to give Arduino a shot due to the right form factor and sufficient functionality – read how it went. I was talking to my friend Bill about this, and he laughed. He said: “Why don’t you try Arduino? It’s a small form factor, low power...

Weaponizing Your Pets 2: Better Luck Next Time with the Cat

Gene Bransfield’s very first attempts sending out the War Kitteh with not-so-sophisticated gear turned out a fail – read the entry to learn what happened. So, requirements… The CONOP is to put a collar or harness on a cat with stuff in it and have the cat do a walkabout and get data. Well, number 0 is...

Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog

In his first-time Defcon presentation, Tenacity Solutions’ Gene Bransfield shares his hilarious experience of making a ‘volunteer’ cat and dog go technical. Good morning Defcon! I can’t tell you what a pleasure it is to be here. I’d wanted to present here for a while. I’d like to start...

Unexpected Stories from a Hacker inside the Government 5: A Tribute to Barnaby Jack

This is the closing part where Peiter Zatko tells the Defcon community two hilarious stories from his reminiscence of the famous white hat hacker Barnaby Jack. 5. A Tribute to Barnaby Jack Okay, so let me try and give my Barnaby one without actually breaking down into tears here. Let’s see if I pulled...

Unexpected Stories from a Hacker inside the Government 4: Hacker Equals Researcher, Not Criminal

This part is dedicated to the interactions between the Government and the hacker researcher communities, also covering recommendations to both parties. Government communities and the hacker researcher communities Now the fourth story, and maybe I’ll do the fifth story about Barnaby Jack and Abu Dhabi –...

Unexpected Stories from a Hacker inside the Government 3: Game Theory Is a Bitch

Mudge now shares some of his thoughts about why the Government tends to stay with the same contractors even after their tech findings have been compromised. 3. Game theory is a bitch My third story is … well, let me give you a little background. I’ve got a lot of people approach me outside of work and...

Unexpected Stories from a Hacker inside the Government 2: DoD’s Controversial Message

Another story by Mudge is about how blurred and poorly worded statements of the Government agencies can pull off cyber attacks by movements like Anonymous. 2. Department of Defense vs. Anonymous The second story is about Anonymous and the Department of Defense. I remember Anonymous from way back. I mean,...