"The email this morning wasn an abuse of functionality by a volunteer who has been spoken to."Īnd in a first, Apple is hosting a talk at Black Hat to discuss security for its iOS mobile operating system. "We have reviewed the server logs, we know the user, host, and have spoken with the volunteer who has emailed each of you this morning," Trey Ford, general manager of Black Hat, wrote in a blog post, without saying exactly why it happened. The message asked recipients to confirm a new password that supposedly had been requested and directed them to a dicey-looking URL. One of their volunteers sent 7,500 attendees a suspicious e-mail that appeared to be a phishing scam. Oh, and there's some stuff for us big kids too.ĭefcon, which turns 20 this year, runs Friday through Sunday, following the more corporate Black Hat conference, the newsy parts of which are tomorrow and Thursday.īlack Hat organizers had a rocky start to their week with a security issue of their own. But if you want them to learn some skills, know their digital rights and have some fun, I can't think of any place better. Contestants are banned from contacting their target directly via email or phone, and they get points for information gathered.LAS VEGAS - You might not think that a hacker conference in Sin City in the summer is the best place to take the kids. Participants will be permitted to gather preliminary information about the company from the Web, using Google searches and other passive techniques. Prior to the conference, participants will receive an email with the name and URL of a target company. The social engineering contest will borrow elements from the convention's traditional computer-based CTF tournaments, but with a few variations. They're raw tests of caffeine-induced brilliance against formidable foes, and they take days to complete and win. 
Witness: is partnering with Defcon to present spotlight social-engineering techniques in the form a new capture-the-flag (CTF)-style contest.ĬTF hacking tournaments have long been a staple at Defcon, with teams working against each other both to protect their systems from attack and to penetrate the systems of opposing teams. The potency of social engineering has garnered new respect in the hacker world. However, social engineering was a critical - but overlooked - component in those attacks: Attackers targeted high-level employees with malicious Web links that provided an entry for the attackers' malware and remote administration tools. Much of the press coverage of the Aurora attack focused on the IE vulnerability used to gain access to systems in Google, Adobe, and other companies, as well as the Hydraq Trojan that siphoned data from them. These days, we hear lots about the centrality of social engineering in advanced attacks by what we at The 451 Group calls "adaptive persistent adversaries." These were the kinds of attacks leveraged at more than 100 Western firms in the so-called Aurora attacks. The term itself is a big one, encompassing targeted surveillance and information-gathering techniques that early hacking stars such as Kevin Mitnick mastered (and went on to write about), down to the ubiquitous phishing and spam email message. Social engineering has enjoying an increasingly effective and prominent role in effective online attacks. Social engineering has evidently earned a new level of respect from hacker community: For the first time, this year's Defcon gathering in Las Vegas will feature a contest in which participants will compete to gather nuggets of information from unsuspecting target companies - over the telephone instead of the Internet.