HackDig : Dig high-quality web security articles for hackers

Black Hat Survey: Hackers Are After Contractors & IT Admins

Results of a survey conducted at this year’s Black Hat 2014 hacking conference in Las Vegas recently revealed the main drivers behind attackers and who they primarily target in attempts to compromise valuable data. The results showed the greatest risk is borne by contractors and IT administrators, with about 40 percent of respondents claiming they would likel
Publish At:2014-09-18 00:00 | Read:2914 | Comments:0 | Tags:Top Security Stories Black Hat 2014 hacker survey Thyotic

Security Slice: Internet Security in Five “Easy” Steps

During his speech at Black Hat, Dan Geer, CIO of the CIA’s investment arm In-Q-Tel, laid out a five-point plan to fix online security. Steps in this plan included: holding software vendors accountable for bad products; giving IOT devices a remote management interface or a fixed lifetime; and having the governments buy every new software bug. How feasible is this pl
Publish At:2014-09-02 11:30 | Read:4316 | Comments:0 | Tags:Security Slice Black Hat 2014 Cyber Security Dan Geer

How To Ruin Your Day But Save Your Year

I had the pleasure of attending the Black Hat conference earlier this month in Las Vegas, where we were excited to host a few of our customers to share their experience with Tripwire and how they utilize our solutions in their environments. If you didn’t get a chance to stop by our booth, here is a brief recap of their insightful presentations. We also had gr
Publish At:2014-08-20 13:40 | Read:4454 | Comments:0 | Tags:Connecting Security to the Business Black Hat 2014 CSC DSW T

Easy Pickings at DEF CON Router Hacking Contest

It’s becoming cliché to say it’s trivial to pop a small office or home router. Vendors are making it easy, since most are interested in cramming features such as print, file and media servers into these boxes and less so on basic security measures. Therefore, it sometimes helps to illustrate the triviality of popping a home router. Take Tripwire security rese
Publish At:2014-08-14 19:00 | Read:3550 | Comments:0 | Tags:Hacks Vulnerabilities Black Hat 2014 DEF CON 2014 Home route

Is EMET Dead?

Exploit mitigation techniques have come a long way. In the 90s, any stack overflow was trivial to exploit for arbitrary code execution but over time, the protections have expanded. We now have DEP to prevent execution of user-writable data and ASLR to randomize the address space, making it harder to predict where a payload or a library would exist in memory
Publish At:2014-08-14 16:40 | Read:4233 | Comments:0 | Tags:Featured Articles Vulnerability Management Black Hat 2014 CF

Cybersecurity as Realpolitik – Lessons from BlackHat 2014

Realpolitik (rāˈälˌpōliˌtēk): a system of politics or principles based on practical rather than moral or ideological considerations. Vegas in July. The only attraction to that proposition is the fact that I got to see old friends, meet new acquaintances and put my brain to work early in the morning during the keynote at Black Hat. I had never met Dan Geer bef
Publish At:2014-08-13 06:20 | Read:3745 | Comments:0 | Tags:Cyber Security Black Hat 2014 cybersecurity Dan Geer

Black Hat and DEF CON Wrap Up

Dennis Fisher and Mike Mimoso look back on the news from the last week in Las Vegas at Black Hat and DEF CON, including the Blackphone rooting, the Computrace research and the more upbeat mood at the conferences this year. http://threatpost.com/files/2014/08/digital_underground_162.mp3 Music by Chris Gonsalves. Image via Blac
Publish At:2014-08-12 16:10 | Read:3597 | Comments:0 | Tags:Hacks Podcasts Vulnerabilities Black Hat Black Hat 2014 Blac

DEFCON 22: Hacking Airports, Airplanes and Airwaves

After a hack-filled week at Black Hat and DEFCON, I realize Las Vegas has always been the appropriate place for these events because much like the virtual world, it shouldn’t exist. Like the Internet, the city sprung up where there was nothing, created through a combination of human ingenuity, tenacity and of course, a bit of greed. Much like Las Vegas, we ar
Publish At:2014-08-11 23:30 | Read:3737 | Comments:0 | Tags:Vulnerability Management Black Hat 2014 DEFCON 2014 hacking

Move Over Web Security, Embedded Devices Are Darling of Black Hat

At the risk of diving headfirst into the Internet of Things fray, embedded device security emerged as a shiny new penny during last week’s Black Hat and DEF CON festivities. Firmware is the new hacker black, and everything from USB sticks, to home routers, to automobiles is in play for exploits, data theft and privacy erosion. While it may take a bit more ing
Publish At:2014-08-11 15:20 | Read:4872 | Comments:0 | Tags:Government Hacks Malware Privacy Vulnerabilities Web Securit

Black Hat 2014: Nest Hack or Hardware Fail?

At Black Hat, I attended “Smart Nest Thermostat: A Smart Spy In Your Home,” presented by researchers from the University of Central Florida. From the title, you would think that all Nest users were doomed, but this was far from the case. In fact, in the first part of the talk the researchers discussed the steps that Nest has taken in securing
Publish At:2014-08-10 14:07 | Read:4759 | Comments:0 | Tags:Vulnerability Management Black Hat 2014 hack Nest

Yahoo! Mail to Offer Users End-to-End Encryption Next Year

Yahoo!’s Chief Information Security Officer Alex Stamos announced at the Black Hat 2014 conference this week the company’s plans to release an end-to-end PGP encryption option in its mail service next year. Only a few months ago Google introduced a PGP-based encryption plugin for Gmail. Now, Yahoo! plans to use a modified version of the same end-to-end browse
Publish At:2014-08-10 14:07 | Read:5792 | Comments:0 | Tags:Top Security Stories Alex Stamos Black Hat 2014 encryption E

Expert Warns of Chip-and-PIN Pitfalls

LAS VEGAS – The inevitable changeover from magnetic strip-based payment cards to EMV, or chip-and-PIN, is coming for consumers and merchants in the United States. And coming along with it are a raft of weaknesses and real-world attacks that shoot holes in the presumption that EMV will remedy credit card fraud. Cambridge University professor Ross Anderson, a c
Publish At:2014-08-09 22:39 | Read:4118 | Comments:0 | Tags:Cryptography Vulnerabilities Black Hat 2014 Cambridge Univer