blog trackingRealtime Web Statistics SXSW Archives | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘SXSW’

Edward Snowden speaks at SXSW festival about surveillance

Fugitive NSA secrets leaker Edward Snowden urges audience members at the South by Southwest Interactive Festival in Austin, Texas, to take action against gov…

________________________ – – –

Julian Assange – SXSW – March 8 2014

Julian Assange SXSW Interactive – March 8th 2014 And Snowden 10 March 2014 https://www.yout…

________________________ – – –

Edward Snowden SXSW Speech Thoughts – Daily Blob – March 11, 2014

Today’s Topic: We talk about Edward Snowden’s appearance at SXSW on March 10th and discuss the lessons that can be taken away from it: T…

________________________ – – –

FULL: Edward Snowden and ACLU at SXSW

Edward Snowden speaks about privacy and technology with the ACLU’s Ben Wizner and Christopher Soghoian at SXSW Interactive. -Links are below- http://washingt…

________________________ – – –

The Hacker Wars @ SXSW Panel featuring Hacker Wars director…

The Hacker Wars @ SXSW Panel featuring Hacker Wars director Vivien Lesnik Weisman, Northwestern University Philosophy Professor Peter Ludlow, and renowned criminal lawyers and hacktivist advocates Tor Ekeland and Jay Leiderman. Saturday, March 8 9:30 — 10:30AM Radisson Town LakeRiverside Ballroom111 E Cesar Chavez, View full post on

View full post on The Cyber Wars

A$AP Rocky & Mob jump into crowd & start BRAWL @ 2012 SXSW after beer was thrown AT THEM!!

TheEndIsDeep was at the A$AP Rocky’s show where we were able to capture the A$AP Mob jump into the crowd after beer cans were thrown at them mulitple times…. Read More….

View full post on Hip Hop Security

SXSW: ‘Hot-spot honeypot’ hacker’s heaven

Darren Kitchen, 29, founder of Hak5 and creator of the WiFi Pineapple Mark IV honeypot.

Declan McCullagh/CNET)

AUSTIN, Texas–Some funny things were happening at the South by Southwest conference here today. My virtual private network connection kept getting disabled, and even stranger, on a friend’s laptop a window popped up showing an animated cartoon cat flying through the air with a rainbow in its wake.

The image, known as Nyan Cat after a popular 2011 Internet meme, immediately alarmed me because it was used by the hacker group LulzSec on at least one occasion. I joked about being hacked, and my friend quickly turned off his laptop. (See CNET’s related story about how to protect your Wi-Fi links, and a slideshow.)

A few minutes later we found the culprit around the corner standing in a Starbucks line: Darren Kitchen, founder of the Hak5 show, who had just given a talk about security at the conference. In his session he demonstrated for the audience how easy it can be to intercept unsecured Wi-Fi connections with a special router and custom software he wrote that he calls the WiFi Pineapple. His talk was appropriately titled “Securing Your Information in a Target Rich Environment.” During the demo, audience members who were surfing the Web were surprised when the silly music that plays during the Nyan Cat video blared out of their laptops.

Hacking Wi-Fi networks with the Pineapple Mark IV honeypot (photos)

Thousands of SXSW attendees with lots of social-media moxie but little to no security savvy were easy prey for a hacker like Kitchen. The interface he was using on his Galaxy Note smartphone showed a long list of BlackBerrys, iPhones, Androids, and laptops that thought they were connecting to the hotel or Starbucks Wi-Fi (which uses the name “attwifi”), but were actually being tricked by Kitchen’s WiFi Pineapple. “Nobody has any sense of security here,” he said, scrolling through the list of devices connected to his Wi-Fi router.

If he wanted to, Kitchen could do something malicious, like a man-in-the-middle attack, and steal passwords and other data from unwitting victims. But his mission is to educate people by demonstrating what the risks are and not attack them. So his device was programmed to replace every Web page on the Internet with a Nyan Cat.

“When the device is kicked off it tries to get back on the network, and since I’m in closer proximity than the Wi-Fi router, it picks up my signal instead,” Kitchen said. “In the demo I had half the audience connected to my Wi-Fi router.”

Basically, his WiFi Pineapple is what is known as a “Hot-spot Honeypot” that attracts the devices looking to connect to Wi-Fi. The devices send out probe requests when the user turns the Wi-Fi on or turns on the device, and then Wi-Fi is automatically enabled. The messages are asking for a connection from a list of Wi-Fi networks that the device has remembered. Kitchen’s router pretends to be the Wi-Fi network the user’s device is seeking. This only works with an open Wi-Fi network, not one that’s protected with the WPA encryption standard, which requires users to type in a password to connect. “It’s an inherent flaw in the trust model of open Wi-Fi,” he said.

Prototype software on his laptop was doing something similar with Wi-Fi connections, only the messages it was sending were de-authorization packets to interfere with the current Wi-Fi connection by saying the security equivalent of “this is not the Wi-Fi router you are looking for.”

The problem is that the devices are set to automatically remember networks they’ve connected to in the past and it reconnects automatically when in range. “The security is in the way vendors implement it and all they care about is network name,” Kitchen said. The solution would be requiring a challenge and response protocol for authentication and encryption, he said. But the mobile device makers haven’t implemented that, probably because users would need to make a few more clicks to get on the network, he added.

Kitchen has a more ominous version of his WiFi Pineapple that resides in a simple aluminum box with a rechargeable lithium battery and magnets on the back so he can attach it to many surfaces in public spaces. He attached one on an ATM and an escalator. The box also could easily be designed to plug into a hidden wall outlet under a hotel hallway bench, for instance. “You could plug it into an outlet and remote-in over a 3G network and it can stay there forever,” he said.

Kitchen sells his WiFi Pineapple for $90, mostly to governments and security professionals that are hired by corporations to do penetration testing of their own networks as part of security audits.

Article source:

View full post on National Cyber Security » Computer Hacking

SXSW panel sparks over Big Data privacy concerns even without Google, Facebook

A Sunday afternoon panel designed to address head-on privacy concerns stemming from so-called “big data” collection sparked passions even though both Facebook and Google, whose privacy practices draw most consternation from critics, declined to participate, leaving no one to take the side of industry.

Moderator Molly Wood, the executive director of CBS Interactive, said Facebook didn’t feel it had any staff at SXSW who could speak on the issue. Google’s privacy counsel Will DeVries was scheduled to participate but bowed out, citing ongoing litigation with the privacy advocacy group Electronic Privacy Information Center, whose representative Lillie Coney was also on the panel.

Coney said that EPIC was not in litigation with Google, nor does it ever sue corporations. EPIC did recently sue the US Federal Trade Commission, pushing it to take action to block implementation of the company’s controversial consolidated privacy policy that took effect 1 March. EPIC lost that suit, although it could appeal to the Supreme Court.

Coney called Google’s apparent understanding of the action as legal action against the company as “a very strange way to take the regulatory process and the mechanisms that are available to civil society, or even individuals”.

Google did not respond to requests for comment.

Even without Google and Facebook in attendance, the panel was hard-fought as Coney and Jay Stanley, a senior policy analyst with the American Civil Liberties Union, battled Berin Szoka, president of the libertarian-leaning nonprofit TechFreedom, over whether the collection and increasingly sophisticated analysis of large amounts of user data for use in corporate marketing constitutes a real harm to consumers and whether government regulators should step in.

Szoka cited an “assumption in the privacy debate that it’s unusual that the doing of things precedes the figuring out what we should do about it, but that’s how the Internet works”. His approach is “sometimes derided as a patchwork approach”, he said, “But to me that’s a good approach. Government should get involved when there’s actual harm.”

Privacy advocates Coney and Stanley pointed to other industries, like the auto industry, to make the case that government should regulate practices that pose a clear risk. Coney said that if and when demonstrable harms to consumers come from big data, they, too, will be outsized, affecting thousands of people.

Stanley pointed to Gmail as an example. Calling it “the first step toward the application of artificial intelligence monitoring us,” he said, “It’s not that smart yet, so it’s not that scary. But as it gets smarter it will get scarier, when you get to artificial intelligence levels that approach humans and they’re still reading your mail.”

The audience appeared to side with privacy advocates. One questioner who identified himself as building social networking applications for the Apple platform said he feared harming his own customers. “If we can’t as an industry even defend passwords, how can we protect privacy?” he asked.

Article source:

View full post on National Cyber Security » Computer Hacking

SXSW: Hotspot Honeypot Hacker’s heaven

For a hacker, the thousands of Smartphone junkies Tweeting and checking in on Foursquare at South by Southwest are like a herd of lambs.

View full post on bank security hacker — Yahoo! News Search Results

View full post on National Cyber Security By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans