Reboot It! Episode 70 with Bill Gardner, David Vaughn, Mark Boltz-Robinson, Evan Booth, Scott Lyons, and Joshua Marpet

 

Upcoming Conferences

 

InfoSec World 2017

April 3-5 Omni Orlando Resort at Champion’s Gate

http://infosecworld.misti.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLDOUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLDOUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLDOUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

CarolinaCon (Raleigh)

May 19-21, 2017

http://carolinacon.org

 

BSides London

June 7

London

 

https://www.securitybsides.org.uk/

What did he say? Don’t screw with the show notes?!!!?!!!!?!!!!

I dont know….re you doing that?!!?!?!?!?!?!

Scott, why a

 

Cyber Security World

June 28-29, 2017

Magnolia Hotel Denver

Denver, CO

http://cybersecurityworld.misti.com/

 

BSidesLV – Get ready for the Next Big Thing

End of July in Las Vegas, NV, United States, North America, Planet Earth, Milky way galaxy, sort of the thin area out towards the end of that spiral arm over there.

https://www.bsideslv.org


 

DEFCON 25

End of July in Las Vegas

CANCELLED - bring your towel. No, bring deoderant, please. And use it.

27-30 JUL 2017

Defcon.org

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/



 

Interview with David

 

5 lightning questions:

  1. If you were a Star Trek® or Star Wars® character, which one would it be?

  2. What's the most important part of the sandwich?

  3. If You Could Take Only Three Items With You To A Deserted Island, What Would They Be?

  4. Name 2 people, past or present, that you would like to see square off in a MMA ring.

  5. What is your favorite Linux command?



 

Stories

 

Tor and VPN users labeled as criminals will be hacked and spied by FBI under new law

https://www.techworm.net/2016/05/tor-vpn-users-labeled-criminals-hacked-spied-fbi-new-law.html

https://www.documentcloud.org/documents/1347875-fbi-proposed-amendment-rule-41-1.html

 

Related: As Congress Repeals Internet Privacy Rules, Putting Your Options In Perspective

http://www.npr.org/sections/alltechconsidered/2017/03/28/521813464/as-congress-repeals-internet-privacy-rules-putting-your-options-in-perspective

 

Phishers target World of Warcraft users with fake in-game pet offer

https://www.grahamcluley.com/phishers-target-world-warcraft-users-fake-game-pet-offer/

 

Dishwasher has directory traversal bug

https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/

 

UW professor: The information war is real, and we’re losing it

http://www.seattletimes.com/seattle-news/politics/uw-professor-the-information-war-is-real-and-were-losing-it/

 

Examining the Alternative Media Ecosystem through the Production of

Alternative Narratives of Mass Shooting Events on Twitter

http://faculty.washington.edu/kstarbi/Alt_Narratives_ICWSM17-CameraReady.pdf

 

How police unmasked suspect accused of sending seizure-inducing tweet

https://arstechnica.com/tech-policy/2017/03/how-police-unmasked-suspect-accused-of-sending-seizure-inducing-tweet/


 

Judge OKs warrant to reveal who searched a crime victim’s name on Google

https://arstechnica.com/tech-policy/2017/03/judge-oks-warrant-to-reveal-who-searched-a-fraud-victims-name-on-google/


 

Man jailed indefinitely for refusing to decrypt hard drives loses appeal

https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/

 

How I Let Disney Track My Every Move

https://gizmodo.com/how-i-let-disney-track-my-every-move-1792875386

 

Alabama House bill would require Internet porn filters

http://abc3340.com/news/local/house-bill-would-put-porn-filters-on-cellphones

 

Facebook launches Stories in the main Facebook app

https://techcrunch.com/2017/03/28/facebook-launches-stories-in-the-main-facebook-app/

 

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

https://github.com/edwardz246003/IIS_exploit

 

Venezuelans Using ‘Rare Pepes’ and Bitcoin As Currency

http://www.breitbart.com/tech/2017/03/27/venezuelans-using-rare-pepes-bitcoin-currency/

 

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=pepe+venezuela&*

 

Reboot It! Episode 69 with Bill Gardner, Mike Baker, Dale Luke, Benny Karnes, Mark Boltz-Robinson, Scott Lyons, and Joshua Marpet


 

Upcoming Conferences

 

InfoSec World 2017

April 3-5 Omni Orlando Resort at Champion’s Gate

http://infosecworld.misti.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLDOUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLDOUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLDOUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

CFP and Call for Workshops closes on 3/27

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Russian bank claims effort to frame it for connections to Trump Organization

http://www.cnn.com/2017/03/17/politics/alfa-bank-trump-dns-hack/index.html

 

THE CYBERSECURITY INDUSTRY HAS FAILED CONSUMERS: TIME TO GET SMART ABOUT 'DUMB' HOMES

http://www.newsweek.com/cybersecurity-industry-failed-threat-572949

 

SHUT THE BACKDOOR! MORE IOT CYBERSECURITY PROBLEMS

http://hackaday.com/2017/03/22/shut-the-backdoor-more-iot-cybersecurity/

 

Four Men Charged With Hacking 500M Yahoo Accounts

https://krebsonsecurity.com/2017/03/four-men-charged-with-hacking-500m-yahoo-accounts/

 

Was Yahoo a sanctioned FSB operation or a rogue operation?

https://medium.com/@jeffreycarr/was-yahoo-a-sanctioned-fsb-operation-or-a-rogue-operation-b8826b7f4c92#.6hxptho1c

 

McDonald’s Says Account Was Compromised Before Anti-Trump Tweet

https://www.bloomberg.com/news/articles/2017-03-16/mcdonald-s-says-account-was-compromised-before-anti-trump-tweet

 

VM Escape Earns Hackers $105K at Pwn2Own

https://threatpost.com/vm-escape-earns-hackers-105k-at-pwn2own/124397/

 

LastPass: websiteConnector.js content script allows proxying internal RPC commands

https://bugs.chromium.org/p/project-zero/issues/detail?id=1209

 

Cisco Vault 7 Leak - 0 day with 318 Products - because, telnet

https://www.bleepingcomputer.com/news/security/ciscos-investigation-into-vault-7-leak-uncovers-0-day-affecting-318-products/

 

Hackers Threaten to Remotely Wipe 300 Million iPhones Unless Apple Pays Ransom

http://thehackernews.com/2017/03/hacking-apple-icloud-account.html

 

The Senate just voted to undo landmark rules covering your Internet privacy

https://www.washingtonpost.com/news/the-switch/wp/2017/03/23/congress-is-poised-to-undo-landmark-rules-covering-your-internet-privacy/?utm_term=.98dc3656acd9

 

Mike Baker’s Talk - How to hack all the bug bounty things automagically & reap the rewards (profit)!

https://www.irongeek.com/i.php?page=videos/securewv-hack3rcon2016/117-how-to-hack-all-the-bug-bounty-things-automagically-reap-the-rewards-profit-mike-baker

 

Windows 'DoubleAgent' Attack Turns AV Tools into Malware

http://www.darkreading.com/threat-intelligence/windows-doubleagent-attack-turns-av-tools-into-malware-/d/d-id/1328462?

 

Source Code:  https://github.com/Cybellum/DoubleAgent

 

Reboot It! Episode 68 with Bill Gardner, Amanda Berlin, Joshua Marpet, and Scott Lyons

Upcoming Conferences

 

Bsides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

Call for Sponsors is also Open

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

SOLDOUT

There's a waitlist

 

BSidesCharm

http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

SOLDOUT

There's a waitlist

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

SOLDOUT

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

CFP and Call for Workshops closes on 3/27

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Trump White House shopping for high-end security software to plug leaks

http://foreignpolicy.com/2017/03/03/trump-white-house-shopping-for-technology-to-plug-leaks/

 

DOJ says it would rather drop a child porn case than reveal technical details about the FBI's Tor Browser exploit, as a court had ordered.

https://twitter.com/bradheath/status/837846963471122432/photo/1

 

U.S. drops child porn case to avoid disclosing Tor exploit

http://www.computerworld.com/article/3176541/security/us-drops-child-porn-case-to-avoid-disclosing-tor-exploit.html#tk.rss_security

 

American Bar Association to offer cybersecurity insurance to law firms: After a year which saw multiple law firms end up in the headlines for data breaches, the American Bar Association expanded its insurance program last week to offer cybersecurity coverage.

https://www.cyberscoop.com/american-bar-association-cybersecurity-insurance/

 

Metasploit team released Metasploit Vulnerable Services Emulator

http://securityaffairs.co/wordpress/56886/hacking/metasploit-vulnerable-services-emulator.html

 

Uber's Secret App for Tracking Cops Sounds Creepy as Hell

http://gizmodo.com/ubers-secret-app-for-tracking-cops-sounds-creepy-as-hel-1792949962

 

Microsoft bug bounty: Now it doubles cash to put more focus on Office 365 flaws

http://www.zdnet.com/article/microsoft-bug-bounty-now-it-doubles-cash-to-put-more-focus-on-office-365-flaws/

 

Danbury trustees pick dog show date

http://www.sanduskyregister.com/story/201703080042

 

Yahoo says about 32 million accounts accessed using 'forged cookies'

http://www.reuters.com/article/us-yahoo-databreach-idUSKBN1685UY

 

Police looking for man who stole Chevy Equinox and 9 baby parrots

http://www.abcactionnews.com/news/region-pinellas/police-looking-for-man-who-stole-chevy-equinox-and-9-baby-parrots

 

WikiLeaks releases 'entire hacking capacity of the CIA' - Vault7

http://www.foxnews.com/us/2017/03/07/wikileaks-releases-entire-hacking-capacity-cia.html

 

Social-Engineer Toolkit (SET) v7.6 codename "Vault7"

https://github.com/trustedsec/social-engineer-toolkit


 

Reboot It! Episode 67 with Bill Gardner, Amanda Berlin, and Mark Boltz-Robinson



 

Upcoming Conferences

 

Bsides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

http://appyide.org

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

BSides London

June 7

London

CFP is open

Call for Workshops is open

https://www.securitybsides.org.uk/

 

DerbyCon 7.0  “Legacy”

Call for Trainers will open March 6th, 2017 and close on April 14th, 2017.

Sponsorships open to public March 7th, 2017 (contact info [at] derbycon.com if interested).

Training Tickets will go on sale May 1st, 2017.

Tickets will go on sale for general admission May 6th (Derby Day) 2017.

Call for Papers will open April 1st 2017 and close July 1st, 2017.

DerbyCon training is on September 20th and 21st, 2017.

DerbyCon the conference runs from September 22nd to the 24th, 2017.

https://www.derbycon.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

Data from connected CloudPets teddy bears leaked and ransomed, exposing kids' voice messages https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/

 

How a typo took down S3, the backbone of the internet

http://www.theverge.com/2017/3/2/14792442/amazon-s3-outage-cause-typo-internet-server

 

Car Hacker's Handbook Released As A Free Download

http://opengarages.org/handbook/

 

Don’t Talk Trash on Slack

https://motherboard.vice.com/en_us/article/dont-talk-trash-on-slack

 

Sex wearable is coming to track your performance and judge you

https://www.cnet.com/news/icon-smart-condom-ring/?ftag=COS-05-10aaa0b&linkId=35064659

 

Defensive Security Handbook

http://shop.oreilly.com/product/0636920051671.do

Reboot It! Episode 66 with Bill Gardner, Amanda Berlin, and Mark Boltz-Robinson

Upcoming Conferences

 

AIDE 2017 (Mark Boltz-Robinson keynote speaker)

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

http://appyide.org

 

BSides NoVA

February 25, 2017

http://www.bsidesnova.org/

 

Bsides Indy

March 11

http://www.bsidesindy.com

 

Bloomcon

March 24-25

Bloomsburg, PA

http://bloomcon.com/

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

Hack3rCon 8

The “Ocho”

Nov. 17 – 19, 2017

South Charleston, WV

CFP opens on June 1, 2017

http://securewv.com/


 

Stories

 

PoliceOne, a forum used only by only verified law enforcement officials, has been hacked and data dump was offered for sale in a dark web market.

http://securityaffairs.co/wordpress/55967/data-breach/policeone-data-breach.html

 

What Vizio was doing behind the TV screen

https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen

 

Samsung warns customers not to discuss personal information in front of smart TVs

http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs

 

Amazon refusing to hand over data on whether Alexa overheard a murder

https://arstechnica.com/tech-policy/2017/02/amazon-wont-disclose-if-alexa-witnessed-a-murder/

 

Steve Bannon sunk $60M of Goldman Sachs' money into a failed World of Warcraft goldfarming scheme

https://boingboing.net/2017/02/09/steve-bannon-sunk-60m-of-gold.html

 

EFF: Border Security Overreach Continues: DHS Wants Social Media Login Information

https://www.eff.org/deeplinks/2017/02/border-security-overreach-continues-dhs-wants-social-media-login-information

 

Hack reveals data company Cellebrite works with everyone from US cops to Russia (MB-R)

https://arstechnica.com/tech-policy/2017/01/hack-reveals-data-company-cellebrite-works-with-everyone-from-us-cops-to-russia/

 

Cloudflare Hacked - CloudFlare Security Breach: The Result Of Smart Social Engineering, Flaw In Google’s Account Recovery System

https://techcrunch.com/2012/06/04/cloudflare-security-breach-the-result-of-smart-social-engineering-flaw-in-googles-account-recovery-system/

(they have an awesome top tier bug bounty of a t-shirt)

https://hackerone.com/cloudflare

Reboot It! Episode 65 with Bill Gardner and Mark Boltz-Robinson

Recorded February 2, 2017

 

Upcoming Conferences

 

AIDE 2017

April 3-7, Information Security Program will be on the Thursday, April 6 and and Friday, April 7

Marshall University Forensic Science Center

1401 Forensic Science Dr

Huntington, WV

CFP is Open

Call for Sponsors is also Open

Website is in the process of being updated

 

BSides NoVA

February 25, 2017

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

Th0tcon 0x8 (Chicagoland con)

May 4-5, 2017

http://thotcon.org

 

HackMiami

May 19-21, 2017

https://www.hackmiami.com

 

Stories

 

Trump taps Giuliani as cybersecurity adviser

http://www.usatoday.com/story/news/politics/onpolitics/2017/01/12/donald-trump-rudy-giuliani-russia-cybersecurity/96482616/

 

MacBook Pro Touch Bar banned from multiple state bar exams

https://www.engadget.com/2017/01/30/macbook-pro-touch-bar-banned-from-multiple-state-bar-exams/

 

Anonymous publish a simple guide on how to hack Donald Trump’s phone on Twitter

http://www.news.com.au/technology/online/social/anonymous-publish-a-simple-guide-on-how-to-hack-donald-trumps-phone-on-twitter/news-story/af65cf8d28f9fee8f5858e858dd29745

 

Delta operations returning to normal after systems outage..again

https://webinar.darkreading.com/2587?keycode=xxxxxx&_mc=sm_twt&cid=sm_twt&wc=4&hootPostID=6f8f33f99d9d6683ca5d5ffc2630c9b5

 

United flights delayed after computer glitch grounds US planes

http://www.cnbc.com/2017/01/22/all-united-airlines-domestic-flights-grounded-by-computer-outage.html

 

Netherlands to Hand Count Ballots for Parliamentary Elections

http://www.independent.co.uk/news/world/europe/netherlands-parliamentary-election-count-vote-by-hand-stop-hackers-cyber-crime-fraud-hacking-a7558701.html

Reboot It! Episode 64 with Bill Gardner, Benny Karnes, Adrian Crenshaw, and Mark Boltz-Robinson

Upcoming Conferences

 

Shmoocon  www.shmoocon.org

January 13-15, 2017

Washington Hilton Hotel

Washington, DC

 

BSidesNash (w/Amanda Berlin as keynote!)

https://bsidesnash.org

CFP open until December 31

April 22, 2017

 

BSidesCharm http://www.bsidescharm.com

April 29-30, 2017

Baltimore Convention Center

Baltimore, MD

CFP open

 

 

Stories

 

The CNN porn scare is how fake news spreads http://www.theverge.com/2016/11/25/13748226/cnn-accidentally-airs-porn-fake-news-boston

 

Russian propaganda effort helped spread ‘fake news’ during election, experts say

https://www.washingtonpost.com/business/economy/russian-propaganda-effort-helped-spread-fake-news-during-election-experts-say/2016/11/24/793903b6-8a40-4ca9-b712-716af66098fe_story.html?utm_campaign=pubexchange&utm_medium=referral&utm_source=huffingtonpost.com

 

HDD encryption ransomware locks payment terminals at all San Francisco transit stations

http://www.sfexaminer.com/hacked-appears-muni-stations-fare-payment-system-crashes/

 

San Francisco Rail System Hacker Hacked

https://krebsonsecurity.com/2016/11/san-francisco-rail-system-hacker-hacked/

 

Hackers disable Carleton University computer system, demand bitcoins

http://globalnews.ca/news/3097388/hackers-disable-carleton-university-computer-system-demand-bitcoins/

 

Enigma codebreaking site to become elite UK cyber defense school

http://www.cnn.com/2016/11/24/europe/uk-bletchley-park-college/index.html?sr=twCNN112516uk-bletchley-park-college0335PMVODtopLink&linkId=31566354

 

Privacy eyeglasses use reflective material to avoid surveillance cameras.

https://www.kickstarter.com/projects/reflectacles/reflectacles-reflective-eyewear-and-sunglasses

 

Kaspersky “Hack-proof” operating system
http://thehackernews.com/2016/11/kaspersky-operating-system.html

https://eugene.kaspersky.com/2012/10/16/kl-developing-its-own-operating-system-we-confirm-the-rumors-and-end-the-speculation/

 

Every Windows 10 in-place Upgrade is a SEVERE Security risk - Win-Fu Official Blog

http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html?m=1

 

iPhones Secretly Send Call History to Apple, Security Firm Says - The Intercept

https://theintercept.com/2016/11/17/iphones-secretly-send-call-history-to-apple-security-firm-says/

 

More than one million Google accounts hit by malware

http://www.cbsnews.com/news/google-accounts-malicious-software-android/?ftag=CNM-00-10aab7e&linkId=31770030

Reboot It! Episode 63 with Bill Gardner and Mark Boltz-Robinson

Upcoming Conferences

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

BSidesCharm CFP open

http://www.bsidescharm.com

A variety of other BSides coming up soon, see securitybsides.com for info

 

Shmoocon round 2 F5 madness on 12/1. First round 600 tickets sold in 4.19 seconds
    Also CFP is open until 11/18  www.shmoocon.org

 

Stories

 

Why can't Americans vote online?

http://www.cnn.com/2011/11/08/tech/web/online-voting/

 

Indiana county government shut down by ransomware to pay up

http://arstechnica.com/security/2016/11/indiana-county-government-shut-down-by-ransomware-to-pay-up/

 

Yes, Donald Trump, the FBI Can Vet 650,000 Emails in Eight Days

https://www.wired.com/2016/11/yes-donald-trump-fbi-can-vet-650000-emails-eight-days/?mbid=social_fb

 

U.S. Govt. Hackers Ready to Hit Back If Russia Tries to Disrupt Election

http://www.nbcnews.com/news/us-news/u-s-hackers-ready-hit-back-if-russia-disrupts-election-n677936?cid=sm_tw

 

As Rule 41 deadline looms, an "expansion" of FBI hacking powers looks likely

http://www.zdnet.com/article/mass-hacking-rule-change-set-to-happen/

 

DDoS attack takes down HVAC in Finnish apartments

http://thehackernews.com/2016/11/heating-system-hacked.htm

Reboot It! Episode 62 with Bill Gardner and Benny Karnes

Upcoming Conferences

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

 

Stories

 

Paypal 2FA Bypass

https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass

 

Mirai botnets linked to massive DDoS attacks on Dyn DNS, Flashpoint says

http://www.scmagazine.com/mirai-botnets-linked-to-massive-ddos-attacks-on-dyn-dns-flashpoint-says/article/567607/

 

Internet of Things Scanner - Check if your internet-connected devices at home are public on Shodan. If they are, this means they are accessible to the public, and hackers. http://iotscanner.bullguard.com/

 

Webcams used to attack Reddit and Twitter recalled

http://www.bbc.com/news/technology-37750798

 

New, more-powerful IoT botnet infects 3,500 devices in 5 days - Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse: http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-notorious-mirai-infects-3500-devices/

 

Anonymous’ Most Notorious Hacker Is Back, and He’s Gone Legit

https://www.wired.com/2016/10/anonymous-notorious-hacker-back-hes-gone-legit/

 

Jester defaces Russian Foreign Affairs website

https://jesterscourt.cc/2016/10/23/soviet-russia-get-get-propagandered-guy-jingly-hat/

 

Anonymous claims it took down Ecuadorian govt webmail after embassy banned Assange from internet

https://www.rt.com/news/363851-assange-anonymous-ecuador-govt-email/

 

 

DirtyCOW:

What is it - LiveOverflow you channel: https://youtu.be/kEsshExn7aE

 

Wikipedia article: https://en.m.wikipedia.org/wiki/Dirty_COW

 

RedHat security notices: https://access.redhat.com/security/vulnerabilities/2706661

 

Reboot It! Episode 59 with Bill Gardner and Benny Karnes

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

The Dropbox hack is real

https://www.troyhunt.com/the-dropbox-hack-is-real/

 

How to I enable two-step verification for Dropbox

https://www.dropbox.com/en/help/363

 

FTC Releases Alert on Securing Personal Information When Using Rental Vehicles

https://www.us-cert.gov/ncas/current-activity/2016/08/30/FTC-Releases-Alert-Securing-Personal-Information-When-Using-Rental

 

Revamped L0phtCrack 7 Audits Windows and Unix Passwords Up to 500 Times Faster

http://www.l0phtcrack.com/2016/08/646/

 

Feds warn first responders of dangerous hacking tool: Google Search

http://arstechnica.com/security/2014/08/feds-warn-first-responders-of-dangerous-hacking-tool-google-search/

 

FBI says foreign hackers penetrated state election systems

https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html?soc_src=social-sh&soc_trk=tw

 

Homeland eyes special declaration to take charge of elections

http://www.washingtonexaminer.com/homeland-eyes-special-declaration-to-take-charge-of-elections/article/2600592

 

Stealing login credentials from a locked PC or Mac just got easier

http://arstechnica.com/security/2016/09/stealing-login-credentials-from-a-locked-pc-or-mac-just-got-easier/

Mubix’s (Rob Fuller) Blog post:

https://room362.com/post/2016/snagging-creds-from-locked-machines/

Reboot It! Episode 58 with Bill Gardner, Amanda Berlin, and Blair Gardner - Back to School

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

Proof-of-concept exploit code for CVE-2016-5696

https://github.com/jduck/challack

 

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/

 

Bake your own EXTRABACON

https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/

 

Ashley Madison Blasted Over Fake Security Award as Lawsuit Moves Forward

http://fortune.com/2016/08/25/ashley-madison-report/

United Airlines Sets Minimum Bar on Security

https://krebsonsecurity.com/2016/08/united-airlines-sets-minimum-bar-on-security/

 

Mylan Reacts to EpiPen Backlash

http://www.wsj.com/articles/mylans-epipen-price-increases-highlight-its-grip-on-the-market-1472154769

 

Reboot It! Episode 57 with Bill Gardner and Rick Hayes - Shadow Brokers

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace”


 

Stories

 

The Long Journey to the US!

http://www.hackersforcharity.org/long-journey/the-long-journey-to-the-us/

 

Katana 4.0

https://sourceforge.net/projects/katana-usb/files/v4.0/

http://www.hackfromacave.net/katana/install.html

 

The Shadow Brokers hack is starting to look like Russia vs. NSA

http://www.theverge.com/2016/8/17/12519804/shadow-brokers-russia-nsa-hack-equation-group

 

Cisco and Fortinet say vulnerabilities disclosed in ‘NSA hack’ are legit

https://techcrunch.com/2016/08/17/cisco-and-fortinet-say-vulnerabilities-disclosed-in-nsa-hack-are-legit/

Edward Snowden Points to Russia on Alleged NSA Hack

http://fortune.com/2016/08/16/edward-snowden-nsa-hack-russia/?xid=soc_socialflow_facebook_FORTUNE

 

Former NSA Staffers: Rogue Insider Could Be Behind NSA Data Dump

http://motherboard.vice.com/read/former-nsa-staffers-rogue-insider-shadow-brokers-theory

 

Cisco Shares Fall After CRN Report of as Many as 14,000 Job Cuts

http://www.bloomberg.com/news/articles/2016-08-17/cisco-plans-to-cut-up-to-14-000-jobs-in-coming-weeks-crn-says

 

NIST’s new password rules – what you need to know

https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

 

Microsoft PowerShell goes open source, lands on Linux and Mac

http://www.pcworld.com/article/3109176/open-source-tools/microsoft-powershell-goes-open-source-and-lands-on-linux-and-mac.html

 

Uber’s First Self-Driving Fleet Arrives in Pittsburgh This Month

http://www.bloomberg.com/news/features/2016-08-18/uber-s-first-self-driving-fleet-arrives-in-pittsburgh-this-month-is06r7on

 

PayPal patches 2FA portal bug

http://www.theregister.co.uk/2016/08/18/paypal_patches_2fa_portal_bug/

 

Reboot It! Episode 56 with Bill Gardner and Benny Karnes - Hacker Summer Camp

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com


 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

http://securewv.com/cfp.html

Tickets are on sale!

http://securewv.com/registration.html

Looking for Sponsors!

http://securewv.com/sponsorship.html

CTF Page - Watch for more information!

 

Announcements

Book Give-Away - “Masters of Deception: The Gang That Ruled Cyberspace” - Submit a talk to SecureWV/Hack3rcon and be entered to win.

Stories

Delta Warns of Chaos After Power Outage, Worldwide System Failure

http://www.nbcnews.com/news/us-news/delta-system-outage-triggers-delays-worldwide-n625141

 

Hackers Make the First-Ever Ransomware for Smart Thermostats

http://motherboard.vice.com/read/internet-of-things-ransomware-smart-thermostat?utm_source=mbtwitter

 

Data Breach At Oracle’s MICROS Point-of-Sale Division

http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/

 

Breach Forces Password Change on Oracle MICROS PoS Customers

https://threatpost.com/breach-forces-password-change-on-oracle-micros-pos-customers/119754/

 

Why Hackers Are Getting 'All Political' This Election Year

http://www.darkreading.com/why-hackers-are-getting-all-political-this-election-year/d/d-id/1326551?_mc=RSS_DR_EDT

 

A New Wireless Hack Can Unlock 100 Million Volkswagens

https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/

 

Reboot It! Episode 55- with Bill Gardner, @0bikao, and Kyle Stone (@essobi) - Russia Did it … Maybe

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

CTF Page - Watch for more information!

 

 

Stories

Police get dead man's finger 3D-printed to unlock his phone

https://www.engadget.com/2016/07/21/police-get-dead-man-s-finger-3d-printed-to-unlock-his-phone/?sr_source=Facebook

 

Feds shut down tech support scammers, freeze assets

http://www.computerworld.com/article/3097576/malware-vulnerabilities/feds-shut-down-tech-support-scammers-freeze-assets.html

 

GUCCIFER 2.0 DNC’S SERVERS HACKED BY A LONE HACKER

https://guccifer2.wordpress.com/2016/06/15/dnc/

 

Exploring Russian ties to the men lurking behind Trump

http://thehill.com/blogs/pundits-blog/presidential-campaign/289047-exploring-russian-ties-to-the-men-lurking-behind#.V5YcgRotBKs.facebook

 

In a major cyber-hack, whom do you call? The White House spells it out.

https://www.washingtonpost.com/world/national-security/in-a-major-cyber-hack-who-do-you-call-the-white-house-spells-it-out/2016/07/26/08b3287e-52db-11e6-bbf5-957ad17b4385_story.html

 

If Russian Intelligence Did Hack the DNC, the NSA Would Know, Snowden Says

https://theintercept.com/2016/07/26/russian-intelligence-hack-dnc-nsa-know-snowden-says/

 

New evidence suggests DNC hackers penetrated deeper than previously thought

http://arstechnica.com/security/2016/07/new-evidence-suggests-dnc-hackers-penetrated-deeper-than-previously-thought/

 

Presidential Policy Directive -- United States Cyber Incident Coordination

https://www.whitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident

 

What's next for Flickr after Yahoo's sale?

https://www.theguardian.com/technology/2016/jul/25/yahoo-moves-next-for-flickr

 

NIST declares the age of SMS-based 2-factor authentication over

https://techcrunch.com/2016/07/25/nist-declares-the-age-of-sms-based-2-factor-authentication-over/

 

New attack bypasses HTTPS protection on Macs, Windows, and Linux

http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/

 

Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site

http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/



 

Reboot It! Episode 54 - with Bill Gardner, Benny Karnes, and Mark Boltz-Robinson - Defcon is canceled...again

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

CTF Page - Watch for more information!

 

 

Stories

 

Pokemon Go down: Hacking group claims responsibility for bringing down game's servers 'with DDOS attack'

http://www.independent.co.uk/life-style/gadgets-and-tech/gaming/pokemon-go-down-servers-ddos-attack-hackers-poodlecorp-game-unavailable-a7140811.html

 

Hacker faces longer sentence than rapist

http://www.techworm.net/2016/07/hacker-faces-longer-sentence-rapist-exposing-via-web-hack.html

 

How the Real Hackers Behind Mr. Robot Get It So Right

https://www.wired.com/2016/07/real-hackers-behind-mr-robot-get-right

 

Ubuntu Linux Forum Hacked...Again

http://thehackernews.com/2016/07/ubuntu-hacked.html

 

Two Million Passwords Breached in Ubuntu Hack

https://threatpost.com/two-million-passwords-breached-in-ubuntu-hack/119335/


 

HIPAA Guidance on Reporting Ransomware

http://www.scmagazine.com/hhs-healthcare-groups-must-report-all-ransomware-attacks/article/509630/

 

FIAT Chrysler Launches Detroit's First 'Bug Bounty' for Hackers

https://www.wired.com/2016/07/chrysler-launches-detroits-first-bug-bounty-hackers/

 

Inside the diabolical Ukrainian hack that put the U.S. grid on high alert

http://www.eenews.net/stories/1060040399

 

ATM broken into with just a smartphone

http://securityphresh.com/security-news-display.php?newsid=71416&utm_source=dlvr.it&utm_medium=twitter

 

OpenSSH has user enumeration bug

http://www.theregister.co.uk/2016/07/17/openssh_has_user_enumeration_bug/?mt=1468849929557

 

Cici’s Pizza: Card Breach at 130+ Locations

http://krebsonsecurity.com/2016/07/cicis-pizza-card-breach-at-130-locations/

 

Reboot It! Episode 53 - with Bill Gardner and Benny Karnes - Go Pokémon Go

Upcoming Conferences

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

http://www.bsidesdc.org/

 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

 

Announcements:

304 Geeks Flood Disaster Free Data Recovery Service

For more information Email us at wvfloodrecovery@securewv.org

Or call us and leave a message at 304-389-3828

 

Computers and successfully recovered data can be picked up from 9 a.m. to 4 p.m. July 23.


 

Stories

Pokémon Go poses a huge privacy and security threat

http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk


 

DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found

https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app

 

Armed muggers use Pokémon Go to find victims

http://arstechnica.com/gaming/2016/07/armed-muggers-use-pokemon-go-to-find-victims/

 

Niantic’s Statement on Permissions

http://support.pokemongo.nianticlabs.com/hc/en-us/articles/222648408-Permissions-update

 

First Business Associate HIPAA Penalty Announced

http://www.databreachtoday.com/first-business-associate-hipaa-penalty-announced-a-9238?rf=2016-07-09-edbt&mkt_tok=eyJpIjoiTWpneU9XUmxOV05rT0dZNCIsInQiOiJqOTI5MnZzZitodEgwN1pkcVBGSjgyZm0zeEI5M1MxQlRmT3Q2RVd1V3laQ1Nuamd0NXp6WTJqTEpnSFlWRVMyb2VLdFpnQ1JmU05aZ1RXWUlNRkRcL2Npd0xlc3BiSXBWR0pRV0RFT3N6T3M9In0%3D

 

Symantec - the popular computer protector - may actually help hackers, feds warn

http://money.cnn.com/2016/07/07/technology/symantec-unsafe/

 

Amazon Kindle Servers Breached, 80,000 Amazon Users’ Passwords and Personal Information Leaked

http://www.techworm.net/2016/07/amazon-kindle-servers-breached-80000-amazon-users-passwords-personal-information-leaked.html

 

Oklahoma DPS and Bank Security Exposure

https://mackeeper.com/blog/post/245-oklahoma-dps-and-bank-security-exposure

 

China hacked the FDIC - and US officials covered it up, report says

http://money.cnn.com/2016/07/13/technology/china-fdic-hack/index.html