10 things we learned - and relearned - at DEF CON 29 (some that have nothing to do with security)

A lot of it has to do with cryptocurrency fallacies, hacking buildings, bizarre contests, furs, bad IoT security and other wonderful and intriguing elements of infosec culture.

DEF CON has always been weird, and that’s the way organizers and attendees like it. But this year was more unusual than most - owing mainly to the fact that it took place under the cloud of Covid-19 and its surging Delta variant, which cut normal attendance numbers by about a third. As a result, everyone was masked - and there were some amazing ones like this and this - and many of the presentations were delivered via video. As the slogan this year put it: “You can’t stop the signal.” But that didn’t stop the hacking, badge tinkering and collecting and hijinks that took place alongside brilliant security talks from some of the brightest people in the industry.

Here are 10 of our highlights from DEF CON 29:

Cryptocurrency boosters and other advocates of Satoshi Nakamoto’s famous protocol are fond of asserting that the blockchain “can’t be hacked.” It is true that - “51 percent” attacks aside - the underlying cryptographic protocols of the blockchain are robust (and likely to remain that way until the advent of quantum computing pretty much breaks all contemporary encryption). But to make it work in the real world, blockchain has to be implemented - and implementations, like every other piece of software, are hackable. One of DEF CON’s buzzier talks this year was about the first published attack to covertly steal user assets by employing remote code execution (RCE) obtained through a JSON deserialization 0day. Security researchers for the Chinese tech giant Tencent demonstrated a proof-of-concept exploit against Tron cryptocurrency, a $5 billion blockchain implemented using a version of Java. The researchers say classic web vulnerabilities like this will have serious consequences for the future security of cryptocurrencies.

There was much controversy last month about the DEF CON decision to invite DHS Secretary Alejandro Mayorkas to take part in a keynote interview with founder Jeff Moss. In the end, Mayorkas didn’t come to Vegas and organizers opted to cancel rather than try and stage the conversation remotely. “It would have been weird and might have been glitchy,” Moss told README. CISA Director Jen Easterly also opted not to attend. But feds were there anyway, including a dozen or so from CISA. Defense Digital Services Acting Director Katie Olson staffed an exhibit that featured a mini Mars Rover that Twitch users controlled remotely and Lego mining robots that DEF CON attendees could tinker with.

The feds are there because it’s the cutting edge of research into vulnerabilities and exploits, Olson told README. “It’s an incredible opportunity to get at what the vulnerabilities might be before an adversary” can. They’re recruiting, too, but more importantly, Olson said, with the longer-term mission of bridging a cultural divide. “For too long, it’s been hackers over here, security researchers over there, and the government right over here. I want those people to be on my team,” said Olson, unfazed as hackers at the Aerospace Village dismantled one of her Lego robots to build a paper airplane launcher.

Lots of people come to DEF CON to talk about defeating/getting around/ultimately improving physical security. One of the best anecdotes at the war stories session concerned physical pentesting at a bank (the session was strictly off the record, so that’s all we can say.) There are whole villages (mini cons-within-a-con) dedicated to lock-picking and social engineering.

As anyone who’s been to DEF CON knows, badges are big. This year, more so than ever, since the official conference hardware medallions were accompanied not just by a harrowing tale of triumph over supply chain misadventures, but a flashable firmware update released as DEF CON opened. After all, virtual participants who chose the paid option (the talks were also broadcast free on Twitch and Discord) received badges early. And “We didn’t want to give you a two week head start” on unlocking the various puzzles and other challenges built into the programmable chip mounted inside, said badge designer Michael Whiteley. One easy way in-person participants could unlock additional functionality was to “mate” their badge with someone else’s, either via one of the USB connectors at each end of the lanyard/cable or directly, via one of the connectors at the badge’s lower edge.