Attacking Proximity Card Access Systems by Brad Antoniewicz at ShmooCon 2012

From the card to the backend database, proximity card access systems contain a variety of components, all of which are vulnerable to attack but have rarely been targeted. This demo-driven presentation explores and attacks each of the various components (RFID tags, controllers, and backend systems) of a popular deployment configuration.

Brad Antoniewicz works in Foundstone’s security research division to uncover flaws in popular technologies. He is a contributing author to both the Hacking Exposed and Hacking Exposed: Wireless series of books and has authored various internal/external Foundstone tools, whitepapers, and methodologies.

School Bullying Outbreak

An interesting infographic by Sarah Fudin of Master of Arts in Teaching at USC (MAT@USC) discussing the bullying and cyberbullying outbreak at schools. You can learn more about Sarah here.

To create bully-free classrooms, it’s necessary that we educate teachers, students and parents about the prevalence and consequences of it. We all believe a school should be a safe place for the children, a place where they can learn without fear or apprehension.

In accordance with Bullying Awareness Week, which took place just about a month ago, and its theme — “Stand Up!” (to bullying) — we created this infographic, “School Bullying Outbreak,” with facts about the methods, consequences and preventative measures related to bullies and bullied victims in schools. It’s important to fight for bully-free school environments, so please share this infographic as part of your educational outreach and campaigns focused on bullying awareness. Help us spread this important message!

 

Via MAT@USC: Masters in Teaching

Shannon Morse of Hak5 Demonstrates and Talks about the New WiFi Honeypot at ShmooCon 2012

Most wireless devices including laptops, tablets and smartphones have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent.

Simply put, when your computer turns on, the wireless radio sends out probe requests. These requests say “Is such-and-such wireless network around?” The WiFi Pineapple Mark IV, powered by Jasager — German for “The Yes Man” — replies to these requests to say “Sure, I’m such-and-such wireless access point – let’s get you online!”

And with the newly improved Pineapple Mark IV web interface, gathering interesting packets, spoofing DNS, watching web traffic and more is just a click away.
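From the defender's side, the "yes man" behaviour described above is detectable because a single radio answers probe requests for many unrelated network names. The following is an added example, not code from Hak5 or the original page: it flags such BSSIDs in a constructed list of probe responses. The function name, the threshold and the AP inventory are assumptions.

```python
from collections import defaultdict

# Constructed sample: (BSSID that sent a probe response, SSID it answered for).
# In practice these pairs would be extracted from a monitor-mode capture.
SAMPLE_PROBE_RESPONSES = [
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:01", "CorpWiFi"),
    ("aa:bb:cc:00:00:02", "CorpGuest"),
    ("de:ad:be:ef:00:01", "HomeNet-1234"),
    ("de:ad:be:ef:00:01", "CoffeeShop"),
    ("de:ad:be:ef:00:01", "Airport_Free"),
    ("de:ad:be:ef:00:01", "CorpWiFi"),
]

# Assumed inventory of legitimate access points: SSID -> set of lowercase BSSIDs.
KNOWN_APS = {
    "CorpWiFi": {"aa:bb:cc:00:00:01"},
    "CorpGuest": {"aa:bb:cc:00:00:02"},
}


def find_yes_man_aps(responses, known_aps=None, max_ssids=2):
    """Return {bssid: sorted SSIDs} for radios that behave like a "yes man".

    A BSSID is flagged when it answers for more than max_ssids distinct SSIDs,
    or when it answers for an SSID that the inventory assigns to other BSSIDs.
    """
    known_aps = known_aps or {}
    seen = defaultdict(set)
    for bssid, ssid in responses:
        if ssid:  # skip empty (hidden) SSIDs
            seen[bssid.lower()].add(ssid)

    flagged = {}
    for bssid, ssids in seen.items():
        too_many = len(ssids) > max_ssids
        impostor = any(s in known_aps and bssid not in known_aps[s] for s in ssids)
        if too_many or impostor:
            flagged[bssid] = sorted(ssids)
    return flagged


if __name__ == "__main__":
    for bssid, ssids in find_yes_man_aps(SAMPLE_PROBE_RESPONSES, KNOWN_APS).items():
        print(f"suspicious AP {bssid} answered for: {', '.join(ssids)}")
```

The threshold of two SSIDs per BSSID is a starting point; enterprise access points that legitimately serve several SSIDs from one radio belong in the inventory so they are not flagged on count alone.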

Learn more about Hak5 and their products here.

Dave Porcello, CEO and Technical Lead of Pwnie Express Talks about the Pwn Plug at ShmooCon 2012

Information security leaders need powerful, nimble, and cost-effective solutions to defend against today’s continually evolving cyber security landscape.

Pwnie Express delivers the bleeding-edge cyber security platforms and solutions required to meet this challenge.

Our initial hardware offering, the Pwn Plug, is the first-to-market commercial penetration testing drop box platform. This low-cost plug-and-play device is designed for remote security testing of corporate facilities, including branch offices and retail locations. A security professional or service provider can ship this device to a corporate facility and conduct a security test over the Internet without travel expenses. The Pwn Plug includes a full security auditing software suite and provides covert remote access over Ethernet, wireless, and 3G/GSM cell networks. In the mobile space, Pwnie Express has also developed the most comprehensive commercial security suite for the Nokia N900 mobile platform.

Learn more at PwnieExpress.com

 

HackersforCharity.org’s Johnny Long Interviewed at ShmooCon 2012

We had the opportunity to interview Johnny Long of HackersforCharity.org on the final day of ShmooCon 2012.

Hackers for Charity is a non-profit organization that leverages the skills of technologists. They solve technology challenges for various non-profits and provide food, equipment, job training and computer education to the world’s poorest citizens.

Learn more at www.hackersforcharity.org

White House Presses For New Cybersecurity Laws

The White House is urging Congress to pass President Obama’s cybersecurity legislation in 2012 to give officials the authority they need to combat “growing and increasingly sophisticated cyberthreats,” according to the leading U.S. cybersecurity official.

White House Cybersecurity Coordinator Howard Schmidt called for legislators to “modernize” outdated laws surrounding cybersecurity by supporting the broad legislative proposal President Obama sent to Congress in May, according to a White House blog post.

http://www.informationweek.com/news/government/security/232500639

 

Push on for Comprehensive Infosec Bill

The White House wants Congress to enact comprehensive cybersecurity legislation this year, favoring an approach taken by the Democratic-led Senate rather than a more piecemeal path backed by the Republican-controlled House of Representatives.

In a blog posted as a follow up to President Obama’s State of the Union address on Wednesday, in which the chief executive spoke of the need for legislative action to battle cyberthreats (see The State of the Union’s Cybersecurity), White House Cybersecurity Coordinator Howard Schmidt wrote that the administration’s legislative proposals would move the nation toward accomplishing its cybersecurity goals.

http://www.govinfosecurity.com/blogs.php?postID=1178

 

Cybersecurity Disaster Seen in U.S. Survey Detecting Insufficient Spending

Companies including utilities, banks and phone carriers would have to spend almost nine times more on cybersecurity to prevent a digital Pearl Harbor from plunging millions into darkness, paralyzing the financial system or cutting communications, a Bloomberg Government study found.

Spies, criminals and hacker-activists are stepping up assaults on U.S. government and corporate systems, spurring efforts by Congress and President Barack Obama to shield infrastructure essential to U.S. national and economic security, such as power grids and water-treatment plants.

http://www.bloomberg.com/news/2012-01-31/cybersecurity-disaster-seen-in-u-s-survey-citing-spending-gaps.html

 

Rockefeller presses Congress to pass cybersecurity legislation

Rockefeller has worked with Senate Homeland Security chairman Joe Lieberman (I-Conn.) and ranking member Susan Collins (R-Maine) to craft a bipartisan compromise that would task the Department of Homeland Security with ensuring critical infrastructure firms take measures to safeguard their networks.

“The threat posed by cyber-attacks is greater than ever, and it’s a threat not just to companies like Sony or Google but also to the nation’s infrastructure and the government itself,” Rockefeller said at a Senate Intelligence Committee hearing.

http://thehill.com/blogs/hillicon-valley/technology/207729-rockefeller-presses-congress-to-pass-cybersecurity-legislation