I just read on the official DEF CON Twitter account that Dark Tangent has decided to cancel DEF CON 28 due to the COVID-19 pandemic. The good news is he said it was the “in-person” conference held in Las Vegas, so there is still hope that they will have a virtual version of it just like Way West Wild Hackin’ Fest did in March for their in-person conference for the same reason.
I just found out from chutzp4 that our own 5n1p3r came in first place this week in GRIMMCon’s COBOL CTF. Everyone join me in congratulating him on his achievement!
The Order of the Overflow (OOO) has announced on Twitter that they will be pushing back the DEF CON 2020 CTF qualifiers. The new date hasn’t been announced yet, but in their tweet they said it would be announced on May 16th.
A Reddit user first discovered this when he observed his Samsung device making calls out to Chinese-owned domains. The software responsible is installed on nearly all of Samsung’s line of Android products, including their smartphones and tablets. Further research revealed that Samsung had partnered with Qihoo 360, a Chinese-owned firm with a reputation for censoring users at the request of the Chinese government, to develop software that can’t be uninstalled from the device. Samsung released a public statement saying that the only data being sent to China is model, storage, and operating system version [for now].
You can read more about China’s “Great Cannon” here: http://bit.ly/34awInD
Will the United States government ever learn that by making the encryption keys available to law enforcement it’s setting up the potential for the keys to be stolen by an adversary? This is just plain dumb.
The folks that run the website RTL-SDR have a comprehensive list of all the software defined radio (SDR) software, both commercial and free. That list can be found here:
While I was trolling around on Twitter this morning, PortSwigger tweeted about their latest release of Burp Suite, which now supports intercepting WebSockets. Check out their release notes regarding v2.1.01. This feature appears to be in the Community version as well as their Professional version:
To all the female engineers in information security, here are some articles regarding women working in technology. Most of the articles are inspiring, while others show how far women have come in technology but also that there’s still a lot that needs to be addressed before women get the recognition that they deserve in this field.
If you haven’t changed your IoT devices’ credentials from their defaults, you should! This botnet uses default credentials to take over the IoT device and corrupts the embedded Linux operating system by overwriting its storage, dropping the firewall, etc. To get it back up and running you will need to re-flash the firmware in most cases.