Reboot It! Episode 50 - with Bill Gardner, Benny Karnes, Alex Hamerstone, David Lauer, Amanda Berlin, and Mark Boltz-Robinson

Upcoming Conferences

 

BSides Cleveland

This weekend

 

Converge & BSides Detroit

When: July 14-15 & 16

Where: Detroit, MI

http://www.convergeconference.org/main/

 

DerbyCon 6

When: September 21-25, 2016

Where: Louisville, KY
http://derbycon.com

CFP is Open!


 

SecureWV/Hack3rCon

When: November 18-20

Where: Charleston, WV

http://securewv.com/

CFP is Open!

Tickets are on sale!

Looking for Sponsors!

 

 

BSides DC

When: October 21-23, 2016

Where: Washington, DC

CFP ends June 30th!

http://www.bsidesdc.org/


 

Marshall University Digital Forensic Cyber Camp (June 28-30)

http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-June-28-30-P1.aspx

Marshall University Digital Forensic Cyber Camp (July 12-14)

http://epay.wvsto.com/MarshallContinuingEducation/Digital-Forensic-Cyber-Camp-July-12-14-P3.aspx

 

Python Coding Camp kicks off July 6 - The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) Huntington

Learn to solve puzzles and create games!

 

The Robert C. Byrd Institute for Advanced Flexible Manufacturing (RCBI) is presenting a three-day camp for middle school and high school students who are interested in learning computer coding. Join us July 6 – 8 from 1:30 to 4:30 p.m. daily as we introduce campers to Python (programming language). Campers will use it to create games and solve puzzles under the guidance of Bill Gardner, an Assistant Professor in the Digital Forensics and Information Assurance Program at Marshall University.

 

The cost is $60 for each camper and includes a copy of Python for Kids: A Playful Introduction to Programming.

 

Register here: http://www.rcbi.org/index.php/component/chronoforms5/?chronoform=Python%20Coding%20Camp

Or call 800.469.7224 for more information.



 

Stories

Pentagon wants more people to hack its websites and networks: And it will even pay them to do it.

https://www.engadget.com/2016/06/18/hack-the-pentagon-expansion/

The Department of Defense's Hack the Pentagon program was apparently so successful, the agency has decided to extend and develop new initiatives for it. Similar to Facebook's, Twitter's and Google's bug bounty projects, Hack the Pentagon paid white hat hackers for the vulnerabilities they discovered on the department's websites. It ran from April 18th until May 12th, 2016 and doled out over $70,000 in rewards. However, the initial run only covered five public-facing online properties -- defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil. The department believes that the concept will also "be successful when applied to many or all of DoD's other security challenges."

 

Starting this month, the agency will develop a new disclosure process and policy. It will allow anyone to report the flaws they find not only on DoD's websites, but also its systems, networks and applications without fear of repercussion. The department will expand the program to cover the services it offers and will offer incentives to contractors who open their systems for testing, as well.

 

The department's network was hacked more than once last year, with one instance leading to the temporary shutdown of its email system. All those instances might have compelled the agency to beef up its digital security in several ways. Besides expanding its bug bounty program, the Pentagon has also hired Matt Cutts, the head of Google's Webspam team, to be part of its Defense Digital Service.

 

Home Depot sues Visa, MasterCard as PIN battle looms

http://www.zdnet.com/article/home-depot-sues-visa-mastercard-as-pin-battle-looms/

 


 

Home Depot filed an antitrust lawsuit in federal court this week against credit card giants Visa and MasterCard.

 

Among a bevy of grievances, the do-it-yourself retailer posits that Visa and MasterCard sought to block the adoption of chip-and-PIN on credit card transactions following the migration to EMV payment security standards last October. Additionally, the retailer argues that chip-and-signature is simply less secure than its chip-and-PIN counterpart.

 

"Visa and MasterCard know perfectly well that a signature alone, without the additional step of requiring a PIN, provides virtually no protection against many types of payment card fraud," Home Depot said in the lawsuit filed Monday in U.S. District Court for the northern district of Georgia.

 

Home Depot also contends that Visa and MasterCard chose to enforce the less-secure chip-and-signature standard because the networks collect higher merchant fees for routing signature-based card transactions as opposed to PIN.

 

Air, land, sea, cyber: NATO adds cyber to operation areas

http://bigstory.ap.org/article/b7a8330df0114498a1611257d4cb5d58/air-land-sea-cyber-nato-adds-cyber-operation-areas

 

BRUSSELS (AP) — NATO agreed Tuesday to make cyber operations part of its war domain, along with air, sea and land operations, and to beef up the defense of its computer networks.

 

NATO Secretary-General Jens Stoltenberg said the decision to formally consider cyber operations a military domain is not aimed at any one country. He says the allies need to be able to better defend themselves and respond to attacks on their computer networks.

 

The decision has been long in coming, particularly amid rising tensions with Russia, which has proven its willingness to launch computer-based attacks against other nations.

 

Russian hackers have been blamed for a breach into an unclassified Pentagon computer network and for a breach of NATO's computer network two years ago.

 

Stoltenberg was speaking at the meeting of NATO defense ministers.

 

About a year ago, U.S. Defense Secretary Ash Carter told NATO that it must improve its ability to protect itself before it builds its cyberwar capabilities. And he pledged that the U.S. would use its expertise to help allies assess their vulnerabilities and reduce the risk to their critical infrastructure.

 

In 2014, after years of debate, NATO finally agreed that a cyberattack could rise to the level of a military assault and could trigger the Article 5 protections, which allow the alliance to go to the collective defense of another member that has been attacked.

 

On Tuesday, Stoltenberg said that cyber must be a war domain, much like air, land and sea. He said the decision means that NATO will coordinate and organize efforts to protect against cyberattacks in a more efficient way.

 

And he noted that any hybrid military attack would include cyber operations as a key dimension.

 

GoToMyPC hit with hack attack; users need to reset passwords

http://www.pcworld.com/article/3085434/security/gotomypc-hit-with-hack-attack-users-need-to-reset-passwords.html

Citrix's remote access service got hit by a "sophisticated" attack over the weekend, prompting password resets for all GoToMyPC users.

If you use Citrix’s GoToMyPC remote desktop access service, you need to change your password. According to a post published to GoToMyPC’s system status page, the service experienced a hack attack this weekend, and it’s now requiring all users to reset their passwords before logging in to the service.

 

“Unfortunately, the GoToMYPC service has been targeted by a very sophisticated password attack,” the update reads. “To protect you, the security team recommended that we reset all customer passwords immediately.”

 

According to GoToMyPC, it wasn’t immediately clear that it was experiencing an attack: On Saturday, users reported being unable to log into their accounts, and were being forced to reset their password. Several hours later, GoToMyPC warned users of the attack.

 

Before you next use GoToMyPC, you’ll have to reset your password. GoToMyPC recommends that you use a complex password that isn’t just a word straight out of the dictionary. It also suggests using two-step verification to help prevent attackers from accessing your account. For tips on how to create strong but memorable passwords…