Feds plan to use SecureDrop as a vulnerability reporting portal

The U.S. government is experimenting with a secure and anonymous portal for reporting software vulnerabilities to encourage closer collaboration with ethical hackers. The initiative is a recognition of the lingering reluctance that some security researchers have felt in flagging bugs for federal officials, despite a longstanding program run by the Department of Homeland Security. The project would use SecureDrop, the open-source software that some news organizations rely on for anonymous tips, to submit vulnerability information. It is aimed at the tinkerers and hackers who, out of fear – whether founded or not – of legal repercussions, do not report the bugs they find. “We don’t know how many people are withholding [vulnerabilities] … or monetizing because they have no other avenue” to report them, said Jeff Moss, a backer of the project and the founder of the DEF CON hacking conference, where the initiative was announced Friday. The plan is for DEF […]

The post Feds plan to use SecureDrop as a vulnerability reporting portal appeared first on CyberScoop.


DEF CON founder says there’s a ‘civil war’ at voting vendors over security

There is a “civil war” going on at big U.S. voting-equipment vendors between employees who want to proactively address security vulnerabilities and those who stubbornly oppose doing that, according to DEF CON founder Jeff Moss. “Half the company wants to deny that there’s any problem and to do things on their own timescale and basically soldier on,” Moss said Thursday, while the other half typically includes “younger engineers who think this is a great opportunity to make a change” in how the company approaches cybersecurity. He spoke on Capitol Hill at the rollout of the DEF CON Voting Village report, which highlighted a decade-old vulnerability in a ballot-counting machine used in more than half the states. Moss, a cybersecurity expert and outside adviser to the Department of Homeland Security, told CyberScoop that the opposing impulses at voting-equipment vendors could force some engineers to leave the companies. Engineers who have reached […]

The post DEF CON founder says there’s a ‘civil war’ at voting vendors over security appeared first on CyberScoop.


Krebs Given ISSA’s ‘President’s Award’

KrebsOnSecurity was honored this month with the 2017 President’s Award for Public Service from the Information Systems Security Association, a nonprofit organization for cybersecurity professionals. The award recognizes an individual’s contribution to the information security profession in the area of public service.

U.S. voting machines are easily hackable, DEF CON report says

A number of voting machines used in U.S. elections are easily hackable, a report from DEF CON, one of the world’s largest hacker conventions, found. The report is based on the Voting Village experiment at July’s DEF CON conference in Las Vegas. Over the course of four days, hackers were invited to explore and tinker with voting machines to expose their vulnerabilities. Hackers with physical access to the systems were able to compromise some of the machines within minutes. Over the course of the experiment, each of the two dozen machines was breached in some way, the report notes. The findings were presented by a panel of hackers and cybersecurity experts on an Atlantic Council panel on Tuesday, which included DEF CON founder Jeff Moss. “These machines were pretty easy to hack,” Moss said. “This flies in the face of the narrative that’s been spun by the manufacturers, which is […]

The post U.S. voting machines are easily hackable, DEF CON report says appeared first on CyberScoop.
