Black Hat

Symantec: Russian criminals sell Web 'proxy' with backdoors

A black hat Russian operation has served malware to hundreds of thousands of users a year who thought they were signing up for a paid proxy service, Symantec said today.

The security company said in a blog post that it has linked the malware to a cluster of Russian Web sites -- including one called Proxybox.name -- that claim to provide proxy access, VPN services, and antivirus scanning. Proxybox.name requires users to download what it calls "functional, simple, and convenient" proxy software.

Vikram Thakur, principal manager at Symantec Security Response, told CNET this afternoon that:

What …

How the pros thwart computer spies with James Bond tricks

H.D. Moore wasn't taking chances.

During the spring of 2009, the information specialist traveled to Shanghai on a work trip. For a computer, though, he carried only a stripped-down netbook that he modified using a trick even James Bond would have admired. He sawed off the end of one of the laptop case screws and mashed a small bit of a crushed Altoids mint into the hole before putting the screw back in. After leaving it in his hotel room for a few hours, he came back to find that the powder had disappeared. Something had caused …

iOS app hacking alive and well

LAS VEGAS -- While Apple was making its decidedly lackluster Black Hat debut just one floor up, security researcher Jonathan Zdziarski was explaining the dark art of iOS app hacking to a smaller but still crowded room.

A senior forensics scientist at viaForensics, he clearly didn't have much faith in the security of apps running on iOS. "iOS can be infected through a new zero-day, or you can take a phone and run real fast. Apparently, bars are a great way to pick up iPhones," he said as the audience chuckled, clearly remembering the two separate lost iPhone prototype incidents. …

Pen and sword equally mighty for science fiction's Stephenson

LAS VEGAS -- It's been a double whammy of stardom for the attendees of the 15th annual Black Hat USA conference. Many people here suffered a line more commonly associated with Comic-Con or CES to get into an exclusive performance by electronica and trance legend Paul Oakenfold at Club PURE last night.

And then this morning, they rubbed the hangover from their eyes and the ringing from their ears to listen to an on-stage conversation with noted science fiction author Neal Stephenson in the Caesar's Palace convention center.

Stephenson spoke for almost an hour with Brian Krebs, the investigative journalist who writes about security. While they ranged from his childhood influences to his books to his non-writing projects, Stephenson's face lit up as they discussed his recent Kickstarter project, "Clang." …

Ho-hum first date with Apple at Black Hat

LAS VEGAS -- Apple today gave its first-ever talk at the Black Hat security conference, and it left me feeling like I'd had a really disappointing Match.com date with the hottest guy on the dating site.

The vaunted Apple decided to show up after snubbing the event for 15 years. As manager of the platform security team at Apple, Dallas De Atley seemed to have everything a Black Hat attendee could want -- popularity, experience, discriminating taste, a good sense of style, and a promising future. Playing hard to get only makes us want you more.

But 15 …

Hacking, the card game, debuts at Black Hat

LAS VEGAS -- There's much more to hacking than just the Hollywood portrayal of a speed typing contest, say the computer security professionals who've developed a new hacking-themed card game called Control-Alt-Hack.

Control-Alt-Hack is based on Steve Jackson Games' Ninja Burger, but from the characters to the mission cards to the entropy cards, the demystification of white hat computer security is the name of this game. Game co-designer, security researcher, and University of Washington Computer Security and Privacy Research Lab honorary member Adam Shostack said at the Black Hat 2012 confab here that when it comes to teaching …

Researcher uses NFC to attack Android, Nokia smartphones

LAS VEGAS -- Security specialist Charlie Miller demonstrated at the Black Hat security conference today a way to hijack an Android smartphone via the Near Field Communication (NFC) technology that's turned on by default on the device, and said he's found problems with NFC implementations on Nokia as well.

NFC tags have built-in antennas and are found in stickers and smart cards that are designed to transfer data to NFC readers, to send specific phone numbers and Web addresses to smartphones, and for other benign purposes. They require close proximity, a few centimeters or so, for data to be …

How to stay safe at Black Hat and DefCon

LAS VEGAS -- From journalists hacking the press room Ethernet to RFID skimmers swiping your ID without even touching your credit card, the war stories you've heard about Black Hat and DefCon are true more often than not.

The best way to avoid getting hacked at the annual security conferences is to not show up. Go somewhere disconnected, like a nice mountain retreat, instead of hitting the paranoia pills with several thousand other security professionals and obsessives in Vegas' urban playground.

But if you must go to Sin City, there are some actions you can take to protect your …

Romanian arrested on Pentagon, NASA hacking charges

A 20-year-old Romanian has been arrested on charges of hacking into Pentagon and NASA servers, stealing confidential data, and posting it on his personal blog, according to a statement today from the Romanian prosecutors' office.

Razvan Manole Cernaianu, an information technology student who allegedly used the online alias "TinKode," offered a software program for sale on his blog and also showed a video that demonstrated how he compromised the servers, officials said.

Romanian officials said they were working with the FBI and NASA representatives on the case. An FBI spokesman in Washington, D.C., did not immediately have …

Researcher battles insulin pump maker over security flaw

A security researcher who has proven he can remotely disable the insulin pump he relies on to keep his diabetes in check says the device maker is refusing to acknowledge the problem and misleading the public.

However, Medtronic, the maker of the insulin pump in question and one of the largest medical device manufacturers in the world, insists that the risk is very low.

Other insulin pumps allow for software updates, but to plug any holes in the software of the Medtronic pump would require a recall of all the devices now in use by patients -- a costly endeavor and potentially …