Sunday, August 7, 2016

Forget The RIO Olympics Hacker Conference Defcon Is Back In Vegas

We Are Change

Forget the RIO Olympic games and turn off your cell phones, because the widely known Defcon is back in Las Vegas for its 24th conference. White hats and black hats alike meet once a year in Las Vegas to discuss security and security vulnerabilities and to display their findings. The hack-a-thon lasts three days and usually presents some pretty bizarre findings about our sense of “security.” If you are interested and have further questions, the Defcon team provides a rather hilarious FAQ to answer them.

Defconians will meet at Bally’s Las Vegas Hotel & Casino to display their computing skills. If there is anything I’ve learned from being so rooted within the Anonymous movement and other hacking groups, it’s this: there is no secure system. It’s all a matter of how determined an individual is to hack into a system by researching its architecture and its vulnerabilities and exploiting those vulnerabilities to gain root or admin access, and there are many ways to do that.

So what did you miss, what are some of the highlights, and why is this so important even if you are not a hacker?

First off, the U.S. Defense Advanced Research Projects Agency (DARPA) displayed its technical prowess by holding the first-ever automated supercomputer hacking competition, in which, as blunt as it sounds, automated computers attempted to hack each other.

Samsung Pay was also hacked by researcher Salvador Mendoza. With us shifting more towards digital currency and credit cards, this is a huge revelation of how insecure we really are in entrusting our cell phones with our personal financial information. In his presentation, Mendoza displayed how he could steal authentication tokens using a sniffing device: he showed how a user could purchase a drink, and he could then steal that user's Samsung Pay authentication token and get himself a drink for free.

Another researcher, Weston Hecker, a security engineer and pentester at Rapid7, displayed how easy it is to exploit magnetic stripe hotel key cards.
He went further to state that the device could then be used maliciously to exploit POS (Point of Sale) systems, adding that manager and special-privilege mag stripe keys (“skeleton keys”) could be emulated with his device. Essentially, what Hecker is implying is that, if this were exploited, a hacker could have access to all rooms in a hotel. A malicious hacker could then break into these rooms and steal other people’s personal items; they could also essentially get a free stay at any hotel, switching from room to room.

“From field observations, the brute force susceptibility appears to affect most any property management system that uses magstripe key cards, so it’s multi vendor. Some cards are RFID, not magstripe, so those aren’t affected.”
~Weston Hecker, a security engineer and pentester at Rapid7, said.

“The vulnerability for both of the attacks is not feasible without the ability to inject using the device that I made. A lot of these vulnerabilities also stem from relying on security through obscurity.”
~Weston Hecker, a security engineer and pentester at Rapid7, said.

“When a person obtains a second key to their hotel room, that key has encoding information on it that attackers can leverage to read numbers and key information in the clear. In my research, I used information on a room that I was checked out of and back in.”
~Weston Hecker, a security engineer and pentester at Rapid7, said.

Security is always important, and We Are Change would like to give you a few security tips. Use a password manager and create strong passwords; use this password generator to create them. Don’t use weak passwords that can easily be guessed or are likely to be in a brute-force dictionary. Also be aware of your surroundings when using your debit and credit cards, watch for skimmers that can steal your credit card information, and use LifeLock; it’s only a few bucks a month to protect your identity.

The post Forget The RIO Olympics Hacker Conference Defcon Is Back In Vegas appeared first on We Are Change.



from We Are Change http://wearechange.org/forget-rio-olympics-hacker-conference-defcon-back-vegas/
