TECH NEWS RADIO PODCAST #374 | 2023-02-20 | Recommendo Book, Wine 8.3, & Red Team Tools

 Download! (Size 0.692-MBs, Running Time 1m49s)
 
Today's podcast references material from the following links:

Feel free to follow along with Steve Holden at Twitter For technology news only updates follow TechNewsRadio @ Twitter.


DEF CON 31 Notes & References

Defcon-collage1Here are my DEF CON notes from the sessions that I attended in 2023 for DEF CON 31:

Please feel free to do what you want with these notes.  I go to sessions, so you don't have to.

Defcon-collage3

Here are some quick links to notes from previous years: 30 (2022), 29 (2021), 28 (2020)*, 27 (2019), 26 (2018), 25 (2017)24 (2016)23 (2015)22 (2014)21 (2013)20 (2012)19 (2011), & 18 (2010)

*I have 28 (2020) notes, but they still need work.

You can find some videos from DEF CON 31 (2023) here.

I plan on attending DEF CON 32 (2024).  Follow along near real-time on Twitter @technewsradio, Instagram @otto_locke

Defcon-collage2


DEF CON 30 Notes & References

Defcon_30_graphicHere are my DEF CON notes from the sessions that I attended in 2022 for DEF CON 30:

Please feel free to do what you want with these notes.  I go to sessions, so you don't have to.

Here are some quick links to notes from previous years: 29 (2021), 28 (2020)*, 27 (2019), 26 (2018), 25 (2017)24 (2016)23 (2015)22 (2014)21 (2013)20 (2012)19 (2011), & 18 (2010)

*I do have notes for 28 (2020), but they still need work.

You can find some videos from DEF CON 30 (2022) here.

I plan on attending DEF CON 31 (2023).  Follow along near real-time on Twitter @technewsradio, Instagram @otto_locke


DEF CON 29 Notes & References

Defcon-29-collageHere are my DEF CON notes from the sessions that I attended in 2021 for DEF CON 29:

Please fell free to do what you want with these notes.  I go to sessions so you don't have to.

Defcon-29

Here some quick links to notes from previous years: 27 (2019), 26 (2018), 25 (2017)24 (2016)23 (2015)22 (2014)21 (2013)20 (2012)19 (2011), & 18 (2010)

I do have notes for 28 (2020) but they still need work.

I plan on attending DEF CON 30.  Follow along near real-time on Twitter @technewsradio, Instagram @otto_locke


Some Photos Of Slides From The NOC (Network Operations Center)

Here are a few photos of the presentation by the NOC at Def Con 27 (2019).  But first here is may favorite non-focused photo as it says a lot:

DSC01331-ANIMATIONSquirrels? 

DSC01334Some WIFI User Tracking

DSC01339Some Traffic Analysis

DSC01341High-Level Network Diagram #1 For 2019

DSC01345High-Level Network Diagram #2 For 2019

DSC01348Previous WIFI Architectures (Rio)

DSC01350Yuck! #1

DSC01354Yuck #2

DSC01356Bathrooms Make Great NOCs!

Other photos!


Some Favorite Slides From Def Con #27 (2019).

The following photos of slides that are some of my favorites from Def Con #27 (2019).

DSC01307Default Elevator Passwords

DSC01310SQL Injection's Found In Vendor Databases For Schools

DSC01319Radar Gun Frequencies

DSC01323Some References On How To "Mess With" Radar Guns

DSC01327Multi-Printer Attack Surfaces

DSC01329More Detail On Multi-Printer Attack Surfaces

DSC01361Sound Damage Levels


DEF CON 27 Notes & References

Defcon27-2019-collageHere are my DEF CON notes from the sessions that I attended in 2019 for DEF CON 27:

Please fell free to do what you want with these notes.  I go to sessions so you don't have to.

Screenshot 2019-08-12 at 11.25.43

Here some quick links to notes from previous years: 26 (2018), 25 (2017)24 (2016)23 (2015)22 (2014)21 (2013)20 (2012)19 (2011), & 18 (2010)

Some podcasts that covered news from Black Hat and Def Con (there are probably more -- send me links!):

Here are some more recent news links published since the conference:

  1. https://www.irishtimes.com/life-and-style/motors/10-700-in-speeding-tickets-after-invisibility-test-goes-wrong-1.3985905
  2. https://www.cisomag.com/smart-speakers-can-be-turned-into-cyber-weapons-to-make-aural-attacks-researcher/
  3. http://www.securitysystemsnews.com/blog/discovered-defcon-27-automated-license-plate-readers-alprs-being-hoodwinked-clothing
  4. https://www.csoonline.com/article/3432158/thoughts-from-defcon-27.html
  5. https://securityboulevard.com/2019/08/black-hat-2019-recap-transformation-the-new-cybersecurity-culture/
  6. https://timesofindia.indiatimes.com/gadgets-news/this-next-gen-weapon-is-sitting-in-your-room-and-you-dont-even-know/articleshow/70645696.cms
  7. https://edition.cnn.com/2019/08/12/politics/defcon-voting-village-darpa-dominion/
  8. https://www.bleepingcomputer.com/news/software/nmap-780-def-con-release-first-stable-version-in-over-a-year/
  9. https://www.infosecurity-magazine.com/news/defcon-cisa-improve-election/
  10. https://www.infosecurity-magazine.com/news/defcon-american-flaws-school/
  11. https://www.c4isrnet.com/battlefield-tech/2019/08/12/the-air-force-is-all-in-on-software/
  12. https://www.infosecurity-magazine.com/news/defcon-hackers-netflix-bank-acount/
  13. https://www.prnewswire.com/news-releases/carnegie-mellon-team-flexes-hacking-prowess-with-fifth-defcon-title-in-seven-years-300899772.html
  14. https://techspective.net/2019/08/14/qualys-has-a-prescription-for-better-cybersecurity/
  15. https://hub.packtpub.com/nmap-7-80-releases-with-a-new-npcap-windows-packet-capture-driver-and-other-80-improvements/
  16. https://futurism.com/the-byte/tesla-surveillance-hack
  17. https://www.cnet.com/news/anti-surveillance-clothes-foil-cameras-by-making-you-look-like-a-car/
  18. https://www.krdo.com/news/hacker-makes-iphone-cable-that-can-tap-into-computer/1109318553
  19. https://www.kare11.com/article/news/minnesota-team-places-2nd-in-national-hacking-competition/89-77305e34-dadd-4b55-afcb-c8d1af6165f9
  20. https://www.cmu.edu/news/stories/archives/2019/august/hacking-champs.html
  21. https://www.forbes.com/sites/jeanbaptiste/2019/08/14/defcon-27-how-hackers-used-a-netflix-account-to-steal-banking-information/#1f0f14a33710
  22. https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
  23. https://www.idgconnect.com/interviews/1502595/secret-cso-rick-howard-palo-alto-networks
  24. https://www.technologyreview.com/f/614175/a-new-clothing-line-confuses-automated-license-plate-readers/
  25. https://news.gcu.edu/2019/08/gcu-students-log-in-to-hacker-summer-camp/
  26. https://www.newsweek.com/cybersecurity-vulnerability-fighter-jet-f15-defcon-hacking-tads-flight-system-hack-pentagon-1454491
  27. https://www.thenewamerican.com/tech/item/33162-clothing-line-fools-big-brother-surveillance-by-making-you-look-like-a-car
  28. https://www.military.com/daily-news/2019/08/16/hackers-find-serious-vulnerabilities-f-15-fighter-jet-system.html
  29. https://www.timeslive.co.za/motoring/news/2019-08-16-go-for-it-try-to-hack-my-car/
  30. https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628
  31. http://industrynewsreport24.com/congressmen-intelligence-members-rush-to-hackers-conference/412/
  32. https://www.soyacincau.com/2019/08/17/defcon-omg-apple-lightning-cable-hackers-hijack-computer/
  33. https://mashable.com/article/black-hat-conference-virus-measles/
  34. https://techxplore.com/news/2019-08-paris-sartorial-hacking-le-dernier.html
  35. https://arstechnica.com/information-technology/2019/08/badge-life-the-story-behind-defcons-hackable-crystal-electronic-badge/
  36. https://insideevs.com/news/366333/tesla-hack-mod-surveillance-detection-scout/
  37. https://www.dailymail.co.uk/news/article-7394157/Bluetooth-left-leaves-devices-vulnerable-hackers-attacks-cause-hearing-loss.html
  38. https://technical.ly/baltimore/2019/08/29/cybersecurity-annapolis-sixgen-grabbed-the-win-at-defcon-27s-capture-the-flag/
  39. https://www.wired.com/story/this-diy-implant-lets-you-stream-movies-from-inside-your-leg/

I plan on attending DEF CON 28.  Follow along real-time on Twitter @technewsradio.


DEF CON 26 Notes & References

ComboHere are my DEF CON notes from the sessions that I attended in 2018 for DEF CON 26:

Please fell free to do what you want with these notes.  I go to sessions so you don't have to.

Here some quick links to notes from previous years: 25 (2017)24 (2016)23 (2015)22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 27.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 25 Notes & References

Defcon2017Here are my DEF CON notes from the sessions that I attended in 2017 for DEF CON 25:

Please fell free to do what you want with these notes.  I go to sessions so you don't have to.

Here some quick links to notes from previous years: 24 (2016)23 (2015)22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 26.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 24 Notes & References

Defcon2016Here are my DEF CON notes from the sessions that I attended in 2016 for DEF CON 24:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here some quick links to notes from previous years: 23 (2015)22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 25.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 23 Notes & References

DEFCON-23Here are my DEF CON notes from the sessions that I attended and the presentation material that was shared:

In addition my previous notes (all in PDF) are available for 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010).  I wish I started going to DEF CON sooner but it is what it is.

Feel free to do what you want with the report - "I attend sessions so you don't have to." ;-)

I plan on attending DEF CON 24.  Follow along real-time on Twitter @technewsradio.

UPDATE (8/3/2016): If you are a Chvrches fan and want to be interviewed in person at DEF CON 24 then message me on Twitter @chvrchespodcast.


Review Of The Acer C720-3605 Chromebook

Acer-cromebook3picts
Last summer (2014) I picked up a Asus C720-2802 Chromebook and posted a review on TechNewsRadio.com.

I recently updated to a newer version (same form factor) -- the Acer C720-3605.  I had originally ordered the Acer C720-3404  (which is the Canadian version), but ended up with the U.S. version: C720-3605.  They appear at least on the specification pages on Acer to be exactly the same other than model number (PDF spec analysis). I might have missed something so if there is a difference then please let me know.

The main reasons for upgrading:

  1. Improved Performance (faster processor with dual-core)
  2. Additional RAM (4-GB vs. 2-GBs)
  3. Better HDMI output (for hooking up to a large monitor @ my home desk).
  4. More Local Storage (32-GBs vs. 16-GBs -- excellent for watching more digital content)
  5. Needed a another computer @home for my daughter to use

Here are some stats using Octane 2.0 test:

OctaneTestBetween2AcerModels

While I wasn't having any real performance issues with the 2802-series, I've found that I can experience the difference in browsing and streaming media with the 3605-series.  The hardware updates are definitely an improvement in real world usage from my perspective.

All-in-all I have been very happy with Chrome OS and these two Chromebooks (the old one is now my daughter's main system).  For me the key selling points: great battery (more than 8 hours); excellent small form factor; responsive & comfortable keyboard; integration with Google services; and the simple OS updates & patches.

I look forward to using it again as my main note taking system for DEFCON 23.

 You can order your own via this Amazon Acer C720-3605 link or this Amazon Acer C720-3404 link.  Prices seem to be all over the board so make sure you are comfortable with ordering the right model number at the right price.


Review - Logitech Wireless Combo Mk520 With Keyboard and Mouse

Keyboard

I recently picked up a Logitech Wireless Combo Mk520 With Keyboard and Mouse to use full time with my Acer Chromebook when I'm using it in desktop computer mode.  

When I am in this mode I usually use the setup with a SAMSUNG T24C550 monitor as the primary monitor and the Acer's laptop monitor as my 2nd monitor off to the right-hand side.

I like this setup because it enables wireless access to both the keyboard and the mouse using one USB port.  Previously I had a dedicated wireless mouse and then a bluetooth keyboard. However the bluetooth keyboard wasn't completely full-size, would periodically drop off connectivity, and was better suited to short-term typing like like periodic emails responses on my Nexus 7.

The only draw back with the Mk520 is that the Function (F) keys are not ideally setup to match the icons on them.

The keyboard uses the basic standard keyboard layout on most Chromebooks. So ESC is ESC (Escape) and:

  • F1: Go to the previous page in your browser history
  • F2: Go to the next page in your browser history
  • F3: Reload your current page.
  • F4: Open your page in full-screen mode
  • F5: Switch to your next window
  • F6: Decrease screen brightness
  • F7: Increase screen brightness
  • F8: Mute
  • F9: Decrease system volume
  • F10: Increase system volume

At the very top of the keyboard is a media control area (3 keys): back, play/stop, forward. Those don't seem to work with videos.  But the sound control area (3 keys): mute, decrease sound, and increase sound do work.  And the WINDOWS button is a dedicated SEARCH button; the STAR button brings up the BOOKMARKS page list; and the CALCULATOR button goes into FULL SCREEN MODE.

Over all the keyboard feel when typing is very good, and I like the pressure the keys have. In addition, I like the ability to tilt up the keyboard and to have it stand-up at 90-degrees for using your desk area for writing if needed.  I would recommend the keyboard if someone is looking for the same feature set.

 

 


Updated CISSP Domains

Security-info-graphic

The CISSP Domains (Effective April 15, 2015) will be changing:

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

DEFCON 22 2014 Conference Report

DEFCON22

A detailed conference report of the sessions attended has been posted: DEFCON22 (PDF).

In addition, here is a summary of DEFCON 22 related news articles of potential interest:

Here are pointers to previous reports: DEFCON 18, DEFCON 19, DEFCON 20, and DEFCON 21.