IoT-enabled botnets are all over the news, but the suspect devices are generally consumer-grade. In today's #internetoftriviallycompromisablethings update, 80 different industrial-tier IP cameras shipped with hard-coded creds, opening them up to all kinds of botnet mischief.
Sony has addressed the issue in the latest firmware updates for these devices, and updating is enthusiastically recommended.
Probably a good reminder that the higher prices for corporate-level gear do not imply better security practices.
If you want to devote some time to educating yourself on the current state of the Internet of Things, we suggest starting with the DEF CON 24 IoT Playlist.
Enjoy, share widely and run the latest firmware.
From now until DEF CON 25, we're offering monthly packages of exclusive, limited-edition DEF CON 25 swag.
The December pack is a crisp, fresh DEF CON 25 tee and a high-quality DC25 sticker. The design is courtesy of DEF CON staff artist Mar Williams, created especially for this package. Look sharp, gift like a boss and hide your laptop's shiny metal shame. Rock DEF CON 25 swag like you come from the future.
Watch this space: December 1, DEF CON has something nice for your holiday season. Even if you've been a little naughty.
Music lovers, rejoice! The live music selections from DEF CON 24 are here! Thanks to the generosity of the artists and the miracle of BitTorrent, you can help yourself to a curated selection of the tunes that rocked DC24. Enjoy the (metaphorical) stacks of (figurative) molten wax, in both standard formats and lossless FLACs.
As always, share widely and give the artists you dig some love.
The new Raspberry Pi hotness is Samy Kamkar's PoisonTap. It's a cheap (like dinner at Arby's cheap) device that pops locked machines fast (like the onset of Arby's regret fast). Samy posted a video demo on YouTube, and you should watch it.
If you dig Samy's style and want to see another of his low-fi, hi-yield hacks, we've got a #defconflashbackfriday video for you - Samy demoing inexpensive car/garage door exploiter 'RollJam' at DC23 in supremely informative and entertaining fashion.
Check it out, pass it on.
DEF CON 24 Speaker Patrick Wardle is back in the news with a warning about Shazam's macOS app. Apparently, turning off the app doesn't stop it from recording.
Which is weird, right?
If reading the article has you looking for a little more of Patrick's insights into macOS security, you can check out his talk 'I've Got 99 Problems, Little Snitch Ain't One.' from DC24.
Limber up your hard drives, my friends. If you seek the motherlode of DEF CON 24 content, look no further than our Torrents page. All the talks in multiple formats? Check. DARPA Cyber Grand Challenge content? Music? CTF files? Check, check, super check. Fire up your preferred netguzzler and get to guzzling. Enjoy, seed and share widely.
More hot playlist action - Internet of Troublingly Hackable Things edition! It's a gourmet selection of talks from the main track and the IoT Village. We recommend pairing it with an overcaffeinated beverage and wired headphones. Learn all you like, then make sure to pass it on.
Today's playlist is the DEF CON 24 Wireless Village Talks. Software Defined Radio, evil access point tricks, BLE hacking - it's all in there. If the wireless ecosystem and the hacking thereof floats your boat, it's time to make an appointment with our YouTube channel and get caught up.
As always, share the love and pass on the knowledge.
Today's DEF CON 24 playlist is called 'AFK'; it focuses on talks that deal with policy and ideas rather than hardware and code. Hacker Law superhero Jennifer Granick's talk on the state of the applicable law is in here, as are the 'Meet the Feds' and 'Ask the EFF' panels. There's a little something for every interest, from the venerable Richard Thieme's talk on the psychological toll of working with secrets to the Bob Ross Fan Club's talk on recognizing and neutralizing propaganda.
Thirteen talks in all, with lots of variety. Block off some time (or just put in headphones) and get yourself some. As always, share the love.
More playlists on the way!
The rollout of DEF CON 24 videos continues with 10 videos with a focus on car hacking. There are a couple of presentations that deal with the CAN bus, a deep dive into autonomous cars and even a couple specifically about big rigs. Seven of the ten talks come straight out of the Car Hacking Village!
There’s a weekend coming - maybe it’s time to curl up with a laptop and get up to speed on the rapidly expanding world of automotive hacking. As always, enjoy and pass it on.
Big playlist coming Monday!
Today we begin the rollout of the DEF CON 24 talks with a very diverse playlist of crypto and privacy focused presentations.
From the main tracks we have Ladar Levison on compulsory decryption and Nate Cardozo on the State of Crypto in 2016. We also have six talks from the Crypto and Privacy Village!
As ever, we want you to enjoy the presentations, get inspired and pass the knowledge along.
More talks tomorrow!
Today's #defconflashbackfriday is from DEF CON 24, and it's a fun one. Evan Booth's talk this year was on building a bionic hand out of a Keurig coffee maker, but it's also about imagination, creativity and finding potential in the commonplace and unremarkable tech that's all around us. As always, please enjoy, be inspired and pass it on.
DEF CON is on Instagram! We're posting a steady stream of pictures from the vaults, pictures of the preparations we're making for DEF CON 25 and various image-based shareables to amuse and edify all hackerkind. Follow us at wearedefcon and share your memories, your projects, or maybe all the exciting places you're wearing your DEF CON hat. We can't wait to see what you're up to.
DEF CON in the news: To kick off your week with a heaping helping of hope for the future, here's an article from Sara Sorcher and Ann Hermes at the Christian Science Monitor calling out 15 kids killing it in the cybersecurity space.
To our great joy, a bunch of those kids have in common the DEF CON kids' track, R00tz Asylum. CyFi, Kryptina, Evan, Miller and Emmitt - you make us prouder than you know.
The US Presidential election is a few weeks away. Whatever the outcome, it’s safe to say this election is an inflection point. Hacked communications, data dumps and claims of state actors using media to influence the vote have dominated the news cycle. These factors and the anxiety and outrage fatigue that accompany them are likely to be around a while, so it seemed like an opportune moment to repost Chris Rock’s talk on overthrowing governments. It’s a thought-provoking investigation into what it might take to use the modern landscape for toppling a regime, and it’s a good practical alternative to the generalized hysteria promoted by cable news.