DEF CON 30 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2022 for DEF CON 30:

Please feel free to do what you want with these notes.  I go to sessions, so you don't have to.

Here are some quick links to notes from previous years: 29 (2021), 28 (2020)*, 27 (2019), 26 (2018), 25 (2017), 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

*I do have notes for 28 (2020), but they still need work.

You can find some videos from DEF CON 30 (2022) here.

I plan on attending DEF CON 31 (2023).  Follow along near real-time on Twitter @technewsradio, Instagram @otto_locke


DEF CON 27 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2019 for DEF CON 27:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here are some quick links to notes from previous years: 26 (2018), 25 (2017), 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

Some podcasts that covered news from Black Hat and Def Con (there are probably more -- send me links!):

Here are some more recent news links published since the conference:

  1. https://www.irishtimes.com/life-and-style/motors/10-700-in-speeding-tickets-after-invisibility-test-goes-wrong-1.3985905
  2. https://www.cisomag.com/smart-speakers-can-be-turned-into-cyber-weapons-to-make-aural-attacks-researcher/
  3. http://www.securitysystemsnews.com/blog/discovered-defcon-27-automated-license-plate-readers-alprs-being-hoodwinked-clothing
  4. https://www.csoonline.com/article/3432158/thoughts-from-defcon-27.html
  5. https://securityboulevard.com/2019/08/black-hat-2019-recap-transformation-the-new-cybersecurity-culture/
  6. https://timesofindia.indiatimes.com/gadgets-news/this-next-gen-weapon-is-sitting-in-your-room-and-you-dont-even-know/articleshow/70645696.cms
  7. https://edition.cnn.com/2019/08/12/politics/defcon-voting-village-darpa-dominion/
  8. https://www.bleepingcomputer.com/news/software/nmap-780-def-con-release-first-stable-version-in-over-a-year/
  9. https://www.infosecurity-magazine.com/news/defcon-cisa-improve-election/
  10. https://www.infosecurity-magazine.com/news/defcon-american-flaws-school/
  11. https://www.c4isrnet.com/battlefield-tech/2019/08/12/the-air-force-is-all-in-on-software/
  12. https://www.infosecurity-magazine.com/news/defcon-hackers-netflix-bank-acount/
  13. https://www.prnewswire.com/news-releases/carnegie-mellon-team-flexes-hacking-prowess-with-fifth-defcon-title-in-seven-years-300899772.html
  14. https://techspective.net/2019/08/14/qualys-has-a-prescription-for-better-cybersecurity/
  15. https://hub.packtpub.com/nmap-7-80-releases-with-a-new-npcap-windows-packet-capture-driver-and-other-80-improvements/
  16. https://futurism.com/the-byte/tesla-surveillance-hack
  17. https://www.cnet.com/news/anti-surveillance-clothes-foil-cameras-by-making-you-look-like-a-car/
  18. https://www.krdo.com/news/hacker-makes-iphone-cable-that-can-tap-into-computer/1109318553
  19. https://www.kare11.com/article/news/minnesota-team-places-2nd-in-national-hacking-competition/89-77305e34-dadd-4b55-afcb-c8d1af6165f9
  20. https://www.cmu.edu/news/stories/archives/2019/august/hacking-champs.html
  21. https://www.forbes.com/sites/jeanbaptiste/2019/08/14/defcon-27-how-hackers-used-a-netflix-account-to-steal-banking-information/#1f0f14a33710
  22. https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
  23. https://www.idgconnect.com/interviews/1502595/secret-cso-rick-howard-palo-alto-networks
  24. https://www.technologyreview.com/f/614175/a-new-clothing-line-confuses-automated-license-plate-readers/
  25. https://news.gcu.edu/2019/08/gcu-students-log-in-to-hacker-summer-camp/
  26. https://www.newsweek.com/cybersecurity-vulnerability-fighter-jet-f15-defcon-hacking-tads-flight-system-hack-pentagon-1454491
  27. https://www.thenewamerican.com/tech/item/33162-clothing-line-fools-big-brother-surveillance-by-making-you-look-like-a-car
  28. https://www.military.com/daily-news/2019/08/16/hackers-find-serious-vulnerabilities-f-15-fighter-jet-system.html
  29. https://www.timeslive.co.za/motoring/news/2019-08-16-go-for-it-try-to-hack-my-car/
  30. https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628
  31. http://industrynewsreport24.com/congressmen-intelligence-members-rush-to-hackers-conference/412/
  32. https://www.soyacincau.com/2019/08/17/defcon-omg-apple-lightning-cable-hackers-hijack-computer/
  33. https://mashable.com/article/black-hat-conference-virus-measles/
  34. https://techxplore.com/news/2019-08-paris-sartorial-hacking-le-dernier.html
  35. https://arstechnica.com/information-technology/2019/08/badge-life-the-story-behind-defcons-hackable-crystal-electronic-badge/
  36. https://insideevs.com/news/366333/tesla-hack-mod-surveillance-detection-scout/
  37. https://www.dailymail.co.uk/news/article-7394157/Bluetooth-left-leaves-devices-vulnerable-hackers-attacks-cause-hearing-loss.html
  38. https://technical.ly/baltimore/2019/08/29/cybersecurity-annapolis-sixgen-grabbed-the-win-at-defcon-27s-capture-the-flag/
  39. https://www.wired.com/story/this-diy-implant-lets-you-stream-movies-from-inside-your-leg/

I plan on attending DEF CON 28.  Follow along real-time on Twitter @technewsradio.


DEF CON 25 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2017 for DEF CON 25:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here are some quick links to notes from previous years: 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 26.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 23 Notes & References

Here are my DEF CON notes from the sessions that I attended and the presentation material that was shared:

In addition, my previous notes (all in PDF) are available for 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010).  I wish I started going to DEF CON sooner but it is what it is.

Feel free to do what you want with the report - "I attend sessions so you don't have to." ;-)

I plan on attending DEF CON 24.  Follow along real-time on Twitter @technewsradio.

UPDATE (8/3/2016): If you are a Chvrches fan and want to be interviewed in person at DEF CON 24 then message me on Twitter @chvrchespodcast.


Updated CISSP Domains

The CISSP Domains (Effective April 15, 2015) will be changing:

  1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)
  2. Asset Security (Protecting Security of Assets)
  3. Security Engineering (Engineering and Management of Security)
  4. Communications and Network Security (Designing and Protecting Network Security)
  5. Identity and Access Management (Controlling Access and Managing Identity)
  6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
  8. Software Development Security (Understanding, Applying, and Enforcing Software Security) 

Tracking News Related To TrueCrypt

Here are some links to stories about TrueCrypt shutting down:

TrueCrypt is a key tool in our toolkit for protecting data and we use it every day.  If it is actually going to go away then it will leave a big hole in end-user security options for data encryption.

 


DEFCON 21 (and 20 oops!)

DEFCON 21 was in Las Vegas, NV from August 02-04, 2013 and we were there.  Our real-time posts, references, and links are available over on @Technewsradio on Twitter.

We have a detailed report (PDF) from the sessions attended if you are interested.  Just drop us an email to get the full report or a request via message on Twitter.  A podcast summary is planned but not promised at this time.

Things that we are "worried about" from an Enterprise computing perspective:

  • Social Engineering against users is like a hot knife cutting butter. The only defense seems to be training and awareness. Traditional information assurance (IA) protections (virus scanning, IDS, firewall, etc.) are not effective.
  • You can't secure what you don't manage.
  • Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
  • USB is not your friend.
  • Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
  • Cloud computing could be your friend but probably won't.
  • Developers writing code for an organization without a security focus is just asking for trouble.
  • If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
  • In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.

P.S. x 1: We were also at DEFCON 20 and have that report available if you are interested. Just drop us an email or message on Twitter for a link.

P.S. x 2: There are also DEFCON 18 and DEFCON 19 reports.  They are surprisingly still relevant IMHO -- same bat channel.


This Week's Tech Podcasts Worth A Listen

Here is a pointer to some recent technology related podcasts that might be of interest:

If you have a suggestion or a link to a good technology podcast to let others know about then drop us an email, message @technewsradio, or leave a comment below.


Twitter Updates - ePub, TurboCash, iPad, Windows, Box.net, Evernote, etc

The following is a summary of tweets posted to TechNewsRadio@Twitter over the last week:

  • OpenBook Specification for ePub (xhtml, css, etc) - some tools: Calibre & Adobe InDesign http://bit.ly/bGryk8
  • TurboCASH has released the 4301 Update (5/5/2010) - this is an interesting open source financial mgmt application http://bit.ly/cwBVEP
  • Just posted on my personal blog "An Apple iPad ~2 Month Later Review & Update" http://bit.ly/dAl3ml
  • MacWorld has good references on ePub & iPad http://bit.ly/ckDgSy
  • Celina Jacobson has an interesting post examining "100 Excellent Lifehacks for Your Long Commute" http://bit.ly/bjsLuS
  • Mark Minasi's TechNewsletter#89 Secrets of Creating Default User in Windows 7, Cleaning Up Setup's Little Security Hole http://bit.ly/cQBbEV
  • Box.net is now beta testing drag-n-drop functions to the cloud using HTML5, Firefox 3.6, and Google Chrome
  • Possible Evernote User Group Meeting in San Diego being discussed http://bit.ly/ble1sk


Friends In Tech - Original Geek Christmas Story Released

Members of FriendsInTech.com have created an "Original Geek Christmas Story" audio program for this holiday season:

“Mattie Stevens, a young boy of the early 80’s, dreams of owning a Commodore 64. He sets out to convince everyone this is the perfect gift. But, along the way runs into opposition from his parents and everyone around him including old Santa Claus.”

Listen! (Size 43.3 MBs, Running Time 31m23s)