Voting Village brings equipment to lawmakers to boost urgency on election security

A year from the 2020 election and with a new round of election security funding stalled in Congress, the DEF CON Voting Village organizers have again taken to Capitol Hill to raise awareness about software vulnerabilities in voting equipment. This time, they brought the equipment with them to drive home their point. “If we’re going to meaningfully introduce funding or introduce new technologies for 2020, time is rapidly running out to be able to do that,” Matt Blaze, a professor at Georgetown University and co-organizer of the Voting Village, told CyberScoop. “We need to act pretty fast.” A handful of House Democrats and their staffers sauntered up to equipment on display, including a ballot-marking device and an electronic voting machine, to ask the researchers about the software bugs they found. “This is really helpful in understanding that these aren’t just abstract problems, that these are real things,” Blaze, an expert […]

The post Voting Village brings equipment to lawmakers to boost urgency on election security appeared first on CyberScoop.


DEF CON Voting Village report explores vulnerabilities in ballot-marking devices, calls for paper-based audits

After finding security weaknesses in two ballot-marking devices at this year’s DEF CON Voting Village, researchers are calling for “more comprehensive studies” of equipment that is increasingly a part of the voter experience. The findings come as states consider the security advantages of election systems that create a paper trail. Ballot-marking devices, or BMDs for short, allow voters to mark their choices on a screen and then print them out. The paper ballots are then counted by hand or scanned by a separate machine. “The security implications of ballot marking devices should be studied more,” researchers said in the 2019 Voting Village report, which sums up more than two days of hacking and tinkering at a Las Vegas casino in August. “Current and proposed next-generation ballot marking devices have not been designed with security considerations in mind,” they argued. The researchers say that data stored by the two BMDs they studied could […]

The post DEF CON Voting Village report explores vulnerabilities in ballot-marking devices, calls for paper-based audits appeared first on CyberScoop.


DEF CON Voting Village matures as industry keeps its distance

The third annual Voting Village at the DEF CON hacking conference was a little different than years past. There were more machines to play with and more election personnel wandering around. And nobody publicly cursed out state officials or vendors. Attendees seemed buoyed by the fact that they were helping secure the 2020 election, which U.S. officials warn will again draw foreign interference attempts. “We have more people who are comfortable, immediately wanting to rip things apart and see how they work,” cryptologist Matt Blaze said with satisfaction. He was taking a rest in the corner of the village — a room in Las Vegas’ Planet Hollywood hotel littered with voting equipment — from the exertions of helping organize the gathering. “We don’t care if you break anything, as long as you’re doing it in an interesting way,” Blaze, a professor at Georgetown University, told CyberScoop. Across the room was Stephen Crane, […]

The post DEF CON Voting Village matures as industry keeps its distance appeared first on CyberScoop.


DEF CON 2019: MacOS Gets a Malware Beatdown in Attack Demo

Patrick Wardle proves that signature-based anti-malware protection on Macs is woefully inadequate when fending off modern attacks.

Feds plan to use SecureDrop as a vulnerability reporting portal

The U.S. government is experimenting with a secure and anonymous portal for reporting software vulnerabilities to encourage closer collaboration with ethical hackers. The initiative is a recognition of the lingering reluctance that some security researchers have felt in flagging bugs for federal officials, despite a longstanding program run by the Department of Homeland Security. The project would use SecureDrop, the open-source software that some news organizations rely on for anonymous tips, to submit vulnerability information. It is aimed at the tinkerers and hackers who, out of fear – whether founded or not – of legal repercussions, do not report the bugs they find. “We don’t know how many people are withholding [vulnerabilities]….or monetizing because they have no other avenue” to report them, said Jeff Moss, a backer of the project and the founder of the DEF CON hacking conference, where the initiative was announced Friday. The plan is for DEF […]

The post Feds plan to use SecureDrop as a vulnerability reporting portal appeared first on CyberScoop.


At DEF CON’s aviation village, the military is interested in more than just the hacks

The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some of whom are civilians and some of whom are active-duty military. But they rotate in and out approximately […]

The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.
