Black Hat and Def Con Debrief – August 9th & 10th, 2018

Black Hat News from August 9th:

IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network – and other findings – at Black Hat USA today. Continue reading on DarkReading.com.

Black Hat Researcher Shows Why Air Gaps Won’t Protect Your Data
Got a secret? Put it behind an air gap by disconnecting your computer from the internet. That works, right? At Black Hat, a researcher showed off years of work proving that concept wrong. Continue reading on PCMag.com.

Black Hat: Google Chief Says Stop Playing Security Whack-A-Mole
During the 2018 Black Hat keynote, Google’s ‘Security Princess’ and Director of Engineering Parisa Tabriz urged attendees to toss out the status quo and focus on real problems. Continue reading on PCMag.com.

F5 Details Cellular Gateway IoT Flaws at Black Hat
LAS VEGAS—Cellular gateways are leaking information that could be exposing critical infrastructure to risk. That’s the conclusion of Justin Shattuck, principal threat researcher for F5 Labs, who talked about the issue of cellular gateway flaws for internet of things (IoT) in a session at Black Hat USA here on Aug .9. Continue reading on eweek.com.

Plaintiff Lawyer in Jeep Cyber-Vulnerability Case Predicts ‘Explosion’ in IoT Litigation
LAS VEGAS. The lead attorney in the Internet of Things-based lawsuit against Jeep had a stark warning for device makers and others gathered here, saying the conditions are right for an “explosion” in IoT-related litigation and that companies need to quickly re-evaluate the cybersecurity of their web-connected products. Continue reading on InsideCybersecurity.com.  [Subscription Required]

Panel: Still No Sense of Consequence for Violating Cyber ‘Norms’ of Behavior
LAS VEGAS. A leading scholar and former senior government officials agreed on the value and utility of international cybersecurity norms of behavior during a panel here – and also that the United States has failed to demonstrate that cyber aggressors will pay a serious price for violating such standards. Continue reading on InsideCybersecurity.com.  [Subscription Required]

Def Con News for August 10th:

Friday & Weekend Schedule: https://www.defcon.org/html/defcon-26/dc-26-schedule.html#Friday

IoT Village Schedule: https://iotvillage.org/#dc26_schedule

First in MC: New Election Security Bill Arrives in House
DEF CON 1 VS. DEF CON 5 TODAY — Conditions are ripe for DEF CON’s Voting Village — which kicks off today — to be a friendly event, or the opposite. One day in advance, the National Association of Secretaries of State launched a broadside against what it considered to be “unrealistic” aspects of DEF CON’s simulated election, set up for hackers to probe. DEF CON mounted a defense that the event was more realistic than the association suggested, and that the organizers were happy to make it more realistic still with the association’s help. One Hill source said the association has become a problem. “NASS has in recent months really shifted to doing the bidding of the vendors. It’s really unhelpful,” the source told MC. The association “keeps advocating for watering down any legislative response.” At least one voting machine vendor fired shots at DEF CON. Continue reading on Politico.com.

First Look at Def Con 26 Official Badge
To the delight of everyone, this year’s official DEF CON badge is an electronic badge chock full of entertainment. Of course there is blinky, the board is artistic, and everyone hopefully maybe gets one (it’s rumored 27,000+ were manufactured) if they don’t run out. But the badge contest at DEF CON is legendary — solve all the puzzles you are awarded the coveted black badge. Continue reading on Hackaday.com.