Tag Archives: DEFCON

Silk Road 2.0 Dark-Web Admin Pleads Guilty

An admin of Silk Road 2, named Brian Farrell, who helped maintain the notorious dark web site by providing customer and technical support, approving and suspending vendors, and promoting staff members, has pleaded guilty and could face 8 years in prison.

The 28-year-old man, who used the moniker “DoctorClu,” had been accused last year of being the right-hand to the creator of Silk Road 2.0

From Tesla to Baby Monitors: A Collaborative Approach to Security and Hackers

There was a “car hacking” area at Defcon 23 last week, where Tesla proudly displayed their brand and a new Model S. While there were a couple of other vehicles at the show (in various states of having their electronics torn down), the buzz was all about Tesla.

The Model S was hacked, and that was big news at the conference. After the hack, Tesla fixed the vulnerabilities and delivered patches to their vehicles using an Over The Air (OTA) update. With OTA, drivers didn’t need to bring their vehicles in for service or worry about managing software upgrades; updates happened automatically.

By being an active participant at Defcon, Tesla is showing how to build a positive, trusting and productive relationship with white hat hackers. When the hackers called Tesla with the vulnerabilities, Tesla quickly responded. As a result, they now have a more secure system and better separation between core car systems (engine, brakes, etc.) and the infotainment functions. The differences between Tesla’s approach and the Jeep approach are pretty stark.

Manufacturers across industries should take note of Tesla’s engagement of the Defcon community as a model to follow. Companies need to engage and build trust with white hat hackers if they are to fully utilize the knowledge and expertise the community offers.

The Model S is just one example of a Thing connected to the Internet – an IoT device. A Tesla is a big-ticket item, with serious implications if it is compromised. From that perspective, Tesla’s investment in back-end infrastructure and OTA systems makes a lot of sense. Similar infrastructure should be in place for other IoT devices, but is often not.

Take IoT baby monitors, for example. None of the products tested at Defcon met even a minimal level of security, including several products that lack encrypted video and audio feeds. The problem is that a baby monitor is an inexpensive device (compared to a Tesla), and the economics make it harder to justify large investments in security and back end systems. This is a problem (and opportunity) the industry needs to address. Some security frameworks are emerging, but we don’t yet have a comprehensive approach. Until we do, we will see more IoT hacks. While they may not get the media attention the Tesla hack got, in many ways they are just as serious and are more difficult to fix.

We need to get to a place where more IoT vendors are proud to display their brands at Defcon (and other security conferences) because they understand the importance of security and are willing to engage positively with hackers. Perhaps next year, we will see many more companies alongside Tesla at Defcon, proudly displaying their brand.

DEF CON – Upgrading your mom’s basement

If Black Hat is becoming the new RSA, then DEF CON is oozing toward Black Hat, it seems, and B-Sides is the new DEF CON. This year it got some Ikea furniture to spruce up its mom’s basement. Not totally commercial, but definitely more – first apartment folding furniture – chic; the basement just got upgraded.

The post DEF CON – Upgrading your mom’s basement appeared first on We Live Security.

AVG at Kiwicon 8 in Wellington, New Zealand

But this is no ordinary conference; this is “Kiwicon”, the eighth consecutive annual security conference held in Wellington, New Zealand, whose theme this year is “It’s always 1989 in computer security”.

No expense has been spared by the organisers to reinforce the 80’s theme including name badges in the form of real audio cassettes (yes, they still exist) that are labelled with your hacker name. I’m afraid my hacker name of “Michael” was somewhat plain in hindsight!

The self-deprecating humour scattered throughout the Kiwicon website and program guide is nothing short of amazing; a must-read if you get the chance. And the permanent stage props of a Llama and Sheep really help paint the picture of a conference that has a wonderful relaxed, if not quirky tone.

With more than 1,100 security geeks attending, including many international guests, this conference is likely the closest thing to DEFCON this side of the Pacific; and from comments I’ve heard from fellow attendees, maybe even better.

The first day has concluded with talks ranging from real cases of journalists and human rights activists being hacked by suspicious government actors to researchers who reverse engineered the Bluetooth-powered controls of an electric skateboard.

Presentations at Kiwicon tend to be very technical, and give you an insight into the genius minds behind some of the leading edge security research that over time assists in keeping all of us safer online, as vulnerabilities are discovered and disclosed.

Day two of Kiwicon is packed with topics such as a walk-through of techniques that can be used to detect hoax images that are all too familiar on the Internet these days, as well as some possible disclosures relating to Minecraft which may well turn into breaking news.

But if attending security talks isn’t your thing, the conference also offers the chance to participate in a hacking challenge, lock-picking competition and other activities to keep the minds of the brightest up-and-coming security professionals occupied.

Until the next conference, stay safe out there.