
Election Security: Lawmakers Will Introduce New Machines Against Defcon Hackers


August is a busy month for computer hackers: in a Las Vegas conference hall, they attempt to break into election equipment with USB sticks, screwdrivers or bare fingertips, all with one goal, discovering new and more effective security measures for the system.

However, organizers of this year’s DEF CON hacker convention (concluding this Sunday) spent just as much time on the physical safety of the security researchers hacking into the devices.

The researchers who examine electoral equipment for vulnerabilities have come under growing intimidation and harassment since former President Donald Trump's effort to annul the 2020 election.

To protect these researchers, the organizers of the conference’s ‘Voting Village’ hacking event apparently appointed undercover security consultants. Additionally, they shifted the entire event to a side room so as to monitor the activities more closely, and instructed their roughly two dozen volunteers on what to do in case any agitators turned up.

The measures provide a little glimpse into a trend in the landscape of voting security in the US. Election officials, poll workers, and security researchers will eventually be forced to think more carefully about physical safety and take a variety of additional safeguards as a result of the increase in threats caused by disinformation.

According to Catherine Terranova, one of the organizers of the Voting Village, last year’s DEF CON witnessed certain troubling incidents, however minor. For instance, a conspiracy theorist apparently set the alarm bells off during the event. A group of people who appeared to be committed to advancing election denialism also attended the event the previous year and harassed a few of the Voting Village speakers.

“The day after DEF CON ended last year, I started pouring all of my time and energy into figuring out how to secure this village […] I said to myself, ‘we are never doing this like this again,’” Terranova said.

The issue concerns government election security officials too.

“Any threat of violence against an election official, poll worker, or anyone else working to safeguard our democracy is completely unacceptable. These folks are members of our communities, and dedicated public servants,” CISA Director Jen Easterly said in a statement.

Introducing a New Voting Machine

Voting Village lawmakers will now be introduced to a prototype of a $10 million DARPA-funded open source voting machine, created to mitigate any hacking activities executed to tamper with votes.

The project will be headed by Galois, a DARPA-awarded government contractor. Galois has worked with Microsoft in developing ElectionGuard, software for voting machines to verify ballots.

The Galois machine reads votes on paper and scans them to ensure that they are legitimate. It will have a secure CPU that Galois developed that is geared to fend off common attacks that other voting machines were vulnerable to in prior Voting Villages.

Galois aims to provide the first voting system that hackers at Defcon will be unable to break, but in both years that the Voting Village has existed, hackers have been able to find one vulnerability or another. However, even if hackers do discover flaws in the prototype, which its designers anticipate happening, it is still a win-win situation.

"There's an ambition that this demonstration will not have vulnerabilities comparable to what's in the room[…]But of course, the point of the exercise is to learn. If they do find flaws, it helps the researchers put on a different thinking cap and adjust their work over the next 2.5 years while this project continues," Joe Kiniry, a principal scientist at Galois, explained in an interview.  

Defcon Kerala 2013 - Call for papers


Defcon Kerala (DC0497) is a Defcon USA Registered group for promoting and demonstrating research and development in the field of Information Security. We are a group of Information Security Enthusiasts. Defcon Kerala is a platform for students, professionals, geeks, and nerds to present their technical research papers and showcase their skills. Speakers are invited to present papers on various information security related research topics before the delegates and interact with them.

Some Topics of Interest:

Disclosure of new Hacking Tools

New Vulnerabilities and Zero Day Exploits

Cyber Forensics

Lock picking & physical security exploitation

Web Application & Network Security

Antivirus/IDS/Firewall/filter evasion techniques

Social Engineering

Metasploit Framework

Web Browser Exploitation

Mobile Application Security and Exploitation

Wireless Security

Denial of Service Attacks

Hardware Hacking/ SCADA Hacking

Honeypots

Fuzzing Techniques

Open Source Security

Cyber Laws, Cyber warfare, Cyber Ethics

Anonymity in Internet

Carding and Black Market Analysis

NOTE: These are just some sample topics. You can send any topics related to Information Security.

Paper Submission Details

Please send your papers to this email


Follow the format given below:

=========================================================

Author Name:

Mobile:

Brief Biography:

Paper Title:

Paper Abstract:

Paper Outline:

Publishing/Disclosing any Tools/Vulnerabilities/Zero Days (YES/NO):

Any Additional Requirements:

=========================================================

NOTE: Papers should be submitted in PDF, DOC, DOCX, or ODF format. Presentations should not exceed 25 minutes. If your paper is selected, you will be notified soon and should register for a Speaker Pass.

Register

Buy your speaker pass for Defcon Kerala 2013 Meet

Please Register only after you get a notification by email that your paper is selected.

Click here => REGISTER

Important Dates

Call For Papers is open: 13th January 2013

Call For Paper submission Deadline: 1st April 2013

Defcon Kerala Meet 2013 Scheduled on: 21st April 2013


Tools released at Defcon can crack widely used PPTP encryption in under a day

Security researchers released two tools at the Defcon security conference which can be used to crack the encryption of any PPTP (Point-to-Point Tunneling Protocol) or WPA2-Enterprise (Wi-Fi Protected Access) session that uses MS-CHAPv2 for authentication.


MS-CHAPv2 is an authentication protocol created by Microsoft and introduced in Windows NT 4.0 SP4. Despite its age, it is still used as the primary authentication mechanism by most PPTP virtual private network (VPN) clients.

ChapCrack can take captured network traffic that contains an MS-CHAPv2 network handshake (PPTP VPN or WPA2 Enterprise handshake) and reduce the handshake's security to a single DES (Data Encryption Standard) key.


This DES key can then be submitted to CloudCracker.com -- a commercial online password cracking service that runs on a special FPGA cracking box developed by David Hulton of Pico Computing -- where it will be decrypted in under a day.


The CloudCracker output can then be used with ChapCrack to decrypt an entire session captured with Wireshark or other similar network sniffing tools.


PPTP is commonly used by small and medium-size businesses -- large corporations use other VPN technologies like those provided by Cisco -- and it's also widely used by personal VPN service providers, Marlinspike said.


The researcher gave the example of IPredator, a VPN service from the creators of The Pirate Bay, which is marketed as a solution to evade ISP tracking, but only supports PPTP.


Marlinspike's advice to businesses and VPN providers was to stop using PPTP and switch to other technologies like IPsec or OpenVPN. Companies with wireless network deployments that use WPA2 Enterprise security with MS-CHAPv2 authentication should also switch to an alternative.

Keith Alexander, NSA Chief, asks hackers to make internet more secure

National Security Agency Director Gen. Keith Alexander, also the head of the U.S. Cyber Command, took the unprecedented step on Friday of asking a convention of unruly hackers to join him in an effort to make the Internet more secure.

In a speech to the 20th annual Def Con gathering in Las Vegas, four-star General Keith Alexander stressed common ground between U.S. officials and hackers, telling them privacy must be preserved and that they could help by developing new tools.

"You're going to have to come in and help us," Alexander told thousands of attendees.

The conference founder, Jeff Moss, known in hacking circles as the Dark Tangent, told the conference he had invited Alexander, who rarely gives speeches, because he wanted them to learn about one of the world's "spookiest, least known" organisations.

Attendees were respectful and gave modest applause, though several said they were concerned about secret government snooping and the failure of authorities thus far to stop foreign-backed attacks.

"Americans pay taxes so that federal agencies can defend them," said a researcher who asked not to be named. "I see it as a hard sell asking a business entity to spend money for the common good."

Alexander won points by wearing the hacker "uniform" of jeans and a tee shirt, wandering the halls and praising specific hacking efforts, including intrusion detection tools and advances in cryptology.

He also confronted civil liberties concerns that are a major issue for many researchers devoted to the internet.

Taking questions screened by Moss, Alexander denied that the NSA had dossiers on millions of Americans, as some former employees have suggested.

"The people who would say we are doing that should know better," he said. "That is absolute nonsense."

Alexander used the speech to lobby for a cyber security bill moving through the Senate that would make it easier for companies under attack to share information with the government and each other as well as give critical infrastructure owners some reward for adhering to future security standards.

"Both parties see this as a significant problem," he said, adding that the experts like those at Def Con should help in the process. "What are the standards that we should jointly set that critical networks should have?"

In addition to conducting electronic intelligence gathering, primarily overseas, the defence-department-controlled NSA is charged with protecting the American army from cyber-attacks.

Increasingly, it has been sharing its findings with the FBI to aid in criminal cases and with the department of homeland security, which warns specific industries of new threats.

Displaying a slide with the logos of several dozen companies breached by criminals or spies in the past two years, Alexander said only the most competent even knew they had been hacked.

"There are 10 times, almost 100 times more companies that don't know they have been hacked," he said.

DEF-CON Bangalore September 2012 Meet-Call for Papers


September 2012, DEF-CON Meet (Bangalore Chapter) is the platform for the presentation of new advances and research results in the fields of theoretical, experimental, and applied Computer Technology and Science. The paper presentation held as part of The Meet attracts some of the best minds from all over the country. Participants are invited to present papers spanning various research topics pertaining to the different branches of engineering.

Topics of interest for submission include, but are not limited to:

  • New Vulnerabilities and Exploits/0-days
  • Open Source Security & Hacking Tools
  • Antivirus/Firewall/UTM Evasion Techniques
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • Malware analysis & Reverse Engineering
  • Mobile Application Security-Threats and Exploits
  • Advanced Penetration testing techniques
  • Web Application Security & Hacking
  • Browser Security
  • Hacking virtualized environment
  • WLAN and Bluetooth Security
  • Lockpicking & physical security
  • Honeypots/Honeynets
  • Exploiting Layer 8/Social Engineering
  • Cloud Security
  • Critical Infrastructure & SCADA networks Security
  • National Security & Cyber Warfare
  • Cyber Forensics, Cyber Crime & Law Enforcement

PS: This is just a sample, the topics can be anything and everything related to computer science and security engineering.

Procedure for submitting your papers:-

Your submissions should follow the following format.

1. Author name
2. Title of the Paper
3. Email Address
4. Mobile Number
5. Provide Supporting Materials for your paper in form of PDF or Links
6. Presentation Format must be in PDF for submission.

Send your submissions to: defconbangalore@gmail.com

Important Dates

Date for Abstract Submission : 29th June 2012

Date for Notification of Selection : 8th July 2012

Date for Final submission of full paper : 15th August 2012

DEF-CON Bangalore Meet Scheduled on: 9th September 2012

Defcon Rajasthan(DC91141) - Invitation for the March 2012 Meet

Defcon Rajasthan invites all of you to our first meet, which is going to be held on 25th March 2012.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.

Why this meet?

The main motivation behind this group is to have a place where technical people can discuss technical topics and problems and hopefully find solutions to them. There are multiple social groups of security professionals in India but none of them seems to stick outside of the pub... so as a result, during one of those meetings, the idea was born and here it is...



[ Tickets for the Meet]

For General Public : 700 INR (Lunch Included)

For Students: 600 INR (Lunch Included)

Hotel Reservation is also available.

To book the tickets mail to rajasthan@defcon.co.in
or you can call us on +91-7597113236


[ Time of the Meet ]

On 25th March 2012

From 10 AM to 6 PM

Do make sure that you are at the venue by 9:45 AM


[ Venue of the Meet ]

Royal Seminar Hall,

Near Bus Stand & Railway Station (Only 5 min walking distance from both Bus Stand and Railway Station)

Opposite Pink City Petrol Pump, Khasa Kothi Flyover,

M.I. Road, Jaipur, Rajasthan - 302001

Call for Paper - DEF CON Rajasthan March 2012 Meet

DEFCON Rajasthan invites unique and fresh research papers for March 2012 Jaipur Meet.

Defcon Rajasthan (DC91141) is a Defcon Registered group of people interested in exploring technology and its implications in security. It mostly consists of information assurance professionals and enthusiasts.

The main purpose of this group is to organize technical talks and hands-on experience on topics of interest. While seasoned speakers will be invited to present for the initial several presentations, our intention is to have local people with less experience present as well. This will allow younger professionals and researchers to get used to preparing a technical presentation and sharing it with an audience.



Papers should be:
-> Papers should be on a current subject and not more than 1 year old.
-> Papers can be on your own research with proof of concept.
-> Topics of interest include everything related to Security.
-> Topics related to mobile security or any mobile operating system.
-> Any new methods of hacking or any 0day/tool disclosure.


Some example topics are:
  • Wireless Security
  • Network Security
  • Web Application Vulnerability
  • Mobile Security
  • Cloud Computing
  • Computer Forensics
  • Cyber Laws
  • Buffer Overflow
  • Reverse Engineering
  • Exploits and 0day Vulnerability etc.

** The above are just samples; the paper can be on any topic related to security.

Your submission must contain the following information.
Please send your paper to rajasthan@defcon.co.in

1. Author name
2. Title of the Paper
3. Email Address
4. Mobile Number
5. Provide Supporting Materials for your paper in form of PDF or Links
6. Presentation Format must be in PDF for submission.

PS: Presentation should not exceed 20 minutes

—————————–
Further Information on Dates:
—————————–
Paper submission last date : 10 March 2012
Notification of paper Acceptance : 12 March 2012
Paper Presentation : 25 March 2012
Please send your paper to rajasthan@defcon.co.in

Defcon Japan First meeting scheduled on February 24 2012


DEFCON-JAPAN's first meeting is scheduled for February 24 (Fri) at 19:00. Please carefully read the description of the event for the entrance procedure. In case you can't enter the Information Technology Center, call 080-4201-5588.

If you are planning to attend, please register here: First Meeting of DCG893

Speakers:
Marat Vyshegorodtsev - What is DEFCON Group?
Daisuke Miyamoto - To be announced
Sen Ueno - To be announced
Yoshinori Takesako - How to execute arbitrary code on x86 JIT Compiler