Events Related
- The Security Summer Camp Talks I Want To See… – jerrygamblin.com
I took some time tonight and read through the Security Summer Camp (BSidesLV, Blackhat and Defcon) schedules and picked the talks from this year that I think will be the best and that I do not want to miss.
- BlackHat/Def Con/BSides Talk Picks for 2016 – room362.com
Each year I make up a list the week before Blackhat and Def Con of talks that I “can’t miss” and some that I want to see (and use it for video watching afterwards for those I missed). This year I thought I would share that list here. I will be breaking them down by each day of the events by time slot.
Resources
- NIST SP 800-183: Network of Things – firmwaresecurity.com
System primitives allow formalisms, reasoning, simulations, and reliability and security risk-tradeoffs to be formulated and argued. In this work, five core primitives belonging to most distributed systems are presented. These primitives apply well to systems with large amounts of data, scalability concerns, heterogeneity concerns, temporal concerns, and elements of unknown pedigree with possible nefarious intent.
Techniques
- Reverse Engineering the TP-Link HS110 – www.softscheck.com
The TP-Link HS110 Wi-Fi is a cloud-enabled power plug that can be turned on and off remotely via app and offers energy monitoring and scheduling capabilities. As part of ongoing research into Internet of Things security, we performed a security analysis by reverse engineering the device firmware and Android app, sniffing app-to-device and device-to-app communications and fuzzing the proprietary protocols being used.
Vulnerabilities
- Wireless Keyboard Vulnerability
KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors. The wireless keyboards susceptible to KeySniffer use unencrypted radio communication protocols, enabling an attacker to eavesdrop on all the keystrokes typed by the victim from several hundred feet away using less than $100 of equipment.
- Wireless Keyboard Sniffing and Injection – www.keysniffer.net
- ‘MouseJack’ Researchers Uncover Major Wireless Keyboard Vulnerability – www.darkreading.com
Other News
- NIST declares the age of SMS-based 2-factor authentication over – techcrunch.com
2-factor authentication is a great thing to have, and more and more services are making it a standard feature. But one of the go-to methods for sending 2FA notifications, SMS, is being left in the dust by the National Institute of Standards and Technology.