Tech News Radio

A detailed conference report of the sessions attended has been posted: DEFCON22 (PDF).

In addition, here is a summary of DEFCON 22 related news articles of potential interest:

• Founder of America’s Biggest Hacker Conference: ‘We Understand the Threat Now’ [Time]
• Black Hat, Defcon Conferences: From Hackers to Pwnie Awards [eweek]
• DEFCON's Latest challenge: Hacking altruism [itworld]
• DEFCON 22: HACKING AIRPORTS, AIRPLANES AND AIRWAVES [tripwire, scmagazine#1, scmagazine#2]
• Blackphone isn’t insurmountable, hackers prove at Defcon [technewsnow, itporportal]
• Taiwan hackers win 2nd prize in Las Vegas [taiwantoday]
• McAfee sideshow eclipses Defcon's real security breakthroughs [infoworld]
• The clash of cultures between Black Hat and Defcon hacker events [venturebeat]
• At Defcon, hacker coalition calls for safer computer systems in vehicles [computerworld]
• DefCon: Bug bounty programs continue to evolve [scmagazine]
• Hacker Couture At Defcon [forbes]
• DefCon: Stolen data markets are as organized as legitimate online businesses [scmagazine]
• Propeller 1 on the DEFCON 22 Badges in Las Vegas! [parallax]
• Hackers Were Busy at Black Hat [PC Magazine]
• With Black Hat and DefCon comes spike in Vegas-based attacks [SC Magazine]
• Cyber Attacks From Las Vegas Spiked During Black Hat, Defcon [SecurityWeek.Com, site.co.uk, itsecurityguru.org]
• SensePost demos WiFi attacks at DefCon [ITWeb]
• DefCon 22: Home Automation Security, Personal Wrist Computer Badge and How To Buy Online Anonymously [Revision3 Part 3, Part 1]
• Inside Defcon: What Happens At The Annual Hacker Convention [nbc-chicago]
• EFF's T-Shirt Puzzle
• More info on OpenDNS's DEFCON presentation

Here are pointers to previous reports: DEFCON 18, DEFCON 19, DEFCON 20, and DEFCON 21.

Here are some links to stories about TrueCrypt shutting down:

• ThreatPost.com
• KrebsOnSecurity.com
• Reddit's SysAdmin
• Reddit's NetSec
• EtcWiki.org
• TheHackerNews.com
• TheRegister.co.uk

TrueCrypt is a key tool in our toolkit for protecting data and we use it everyday.  If it is actually going to go away then it will leave a big whole in end-user security options for data encryption.

DEFCON 21 was in Las Vegas, NV from August 02-04, 2013 and we were there.  Our real-time posts, references, and links are available over on @Technewsradio on Twitter.  

We have a detailed report (PDF) from the sessions attended if you are interested.  Just drop us an email to get the full report or a request via message on Twitter.  A podcast summary is planned but not promised at this time.

Things that we are "worried about" from an Enterprise computing perspective:

• Social Engineering against users is like a hot knife cutting butter. Only defense seems to be training and awareness. Traditional information assurance (IA) protections: virus scanning, IDS, firewall, etc are not effective.
• You can't secure what you don't manage.
• Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
• USB is not your friend.
• Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
• Cloud computing could be your friend but probably won't.
• Developers writing code for an organization without a security focus is just asking for trouble.
• If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
• In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.

P.S. x 1: We were also at DEFCON 20 and have that report available if you are interested. Just drop us an email or message on Twitter for a link.

P.S. x 2: There are also DEFCON 18 and DEFCON 19 reports.  They are surprisingly still relevant IMHO -- same bat channel.

The following items were recently posted on @technewsradio:

• USB hub allows simultaneous syncing of 49 iPads http://t.co/OO9H7HW
• DEFCON 19 Podcast Review #security #news #research #hacker #conference http://t.co/rbCr7hK
• SpokenWord.org gets about 1000 new programs every day & they are looking for curators of categories to make the content more organized
• BigBlueButton is a open source collaboration and training system that integrates a bunch of open source projects http://t.co/mEL5dDS  
• PC World has more details on the recent news from Qualcomm about their planned updated Snapdragon mobile processor http://t.co/lQQO8y4  
• YouTube has a great overview presentation on how "Prezi for iPad" works http://t.co/sHFJBSo  
• Amazon EC2 is now supporting Virtual Machine (VM) Import to Amazon EC2 instances http://t.co/35n2UtJ  
• IObit has announced a freeware version of Game Booster v2 for Windows that is geared for improving game performance http://t.co/Q0lWB4D  
• Via Box.net ... you can get e-signatures features via DocuSign services integrated with documents stored on Box.net  
• Getting started with project management? - "scope, time & "cost" - a good reference at Wikipedia http://t.co/oVIzQIX  
• "Heroes of the Computer Revolution" original book looked at hackers & nerds from the late 1950s to the early 1980s http://t.co/H4Vz2kM   
• arborjs.org - a graph visualization library using web workers and jQuery http://t.co/Zao0gyv

DEFCON 19 was in Las Vegas, NV from August 4-5, 2011.  This yearly computer network security and hacker conference is full of cutting-edge research, detailed demos, awesome presentations, and a lot of partying. The podcast coverage was pretty good also. Here are my recommendations:

• Network Security Podcast
• Southern Fried Security Podcast: #59 Defcon Review
• Social-Engineer.Org: Live at Defcon 19
• PaulDotCom Security Weekly - Episode 254 Part 2 (08-11-2011) [wiki]
• Exotic Liability: #78 Con-dom
• Eruo-Trash Information Security Podcast
• InfoSecDaily 

If you are interested in hearing my thoughts about DEFCON 19 then check out the PaulDotCom.com podcast (08-11-2011).  I am the boring "IT Guy" trying to avoid the topic of "hot" women visiting the PaulDotCom.com booth.  If you'd like to see a copy of my notes (13+ pages) then drop me a personal email to: "s h o l d e n @pobox.com."

Here is a Picasa collage from the Network Security Podcast meet-up at DEFCON 19 that was "infected" by Paul & Larry @ Pauldotcom.com's little red balls from one of thier sponsors:

Looking through my listened to podcast list for this past week, I'm going to recommend the following as potentially interesting:

• MacCast 2011-07-26: Review of Apple Mac OS X Lion Release (News, Tips & Tricks)
• Author Debriefing (August 16, 2011) - The Triple Agent: The al-Qaeda Mole Who Infiltrated the CIA
• Southern Fried Security Podcast: Interview with Andy Ellis @CSOAndy [#58] & Interview with Rich Mogull [#57]
• IT Pro Show by Same3Guys: Detailed look at OpenStack
• KPBS Midday Edition: Social Media - Can It Keep You From Getting A Job? 
• This Week In Google (TWIG) #108: Excellent coverage of the Google & Motorola News

Today's podcast examines three stories about computer network security:

• New browser tab and window phishing attack threats. 
• Barry Rosenber at Federal Computer Week examines DARPA's National Cyber Range plans.
• Tim Wilson at DarkReading.com has coverage of new microphone hijacking attack options. 

Feel free to follow along with Steve Holden at: Twitter and/or Google+.  For technology news only updates follow TechNewsRadio @ Twitter.

The following is a summary of @technewsradio posts to Twitter:

1. ASIS Bookstore (security pro organization) has announced over 26 new books via their online store
2. SWFTools is a collection of open source utilities for working with Adobe Flash files (SWF files)
3. Amazon online cloud services has a bunch of demos available - including Travel Log (Sample Java Web Application)
4. Google has fixed a SketchUp 8 "dreaded shadow bug"
5. Franklin Covey's PlanPlus for Outlook (version 7) is now on sale for $80 (vice $100) 
6. Looking for a open source mind mapping tool?  Then check out Free Mind
7. Microsoft Press has announced 3 more books in their Step By Step series: Microsoft Word 2010, Excel 2010 & Project 2010 
8. Wired.com has an interesting article "Wired—Geek Power: Steven Levy Revisits Tech Titans, Hackers, Idealists"
9. Listening to "A Witness to a the Egyptian Revolution" by Doug Kaye (Executive Director, The Conversations Network) via http://bit.ly/i35GC7Delete
10. Per Kevin Devin at FriendsInTech.com - A good tool for finding Creative Commons (CC) images on Flickr is here http://bit.ly/gOtgMPDelete
11. the Microsoft & Nokia deal seems to leave HP WebOS, BlackBerry, and Intel out of the loop with Apple (#2) & Android (#1) being top dogsDelete
12. red5 is an open source audio/video (FLV & MP3) server that also supports H.264 
13. Steven Levy's classic "Heroes of the Computer Revolution" has a new 25th Anniversary Edition

 Listen! (Size 3.0 MBs, Running Time 2m58s)

Today's podcast examines some recent news from OpenOffice.org that Petroleo Brasileiro SA is rolling out a big BrOffice.org deployment to over 90,000 systems; and that v3.21 of Open Office has been release with v3.3 expected this Fall 2010.  Two additional links mentioned in this podcast include: Open Document Format (ODF) and Oracle.

Feel free to follow along with Steve Holden at: Twitter, FriendFeed, and/or Delicious.  For tech news only updates follow TechNewsRadio on Twitter.

This podcast is sponsored by SCOTTEVEST and Amazon.