

Open Capture the Flag at DEFCON

Capture the Flag: A DEFCON tradition, the annual Capture the Flag (CTF) competition pits some of the world’s best teams of hackers against each other in an epic struggle for supremacy (and bragging rights). This shot is from the Open CTF tournament – an “all comers welcome” alternative to the official CTF, which teams must qualify for through a series of elimination rounds.

Alessandro Acquisti Discussed Facebook Research

Carnegie Mellon University researcher Alessandro Acquisti spoke at Black Hat on the “Faces of Facebook,” in which he discussed research showing how facial recognition software can be used to unite disparate silos of public and private data online, creating a comprehensive, Minority Report-style identity profile that’s linked to an individual’s appearance.


Google’s new Chrome OS might not be running many devices out there on the ‘net, but that doesn’t mean it’s not fair game for hackers. How vulnerable is it to attack? That was the subject of Matt Johansen and Kyle Osborn’s “Hacking Google Chrome OS” at Black Hat on Wednesday.

Richard Thieme, the Obi-Wan Kenobi of the security community, holds forth during his Black Hat talk: “Staring into the Abyss: The Dark Side of Security and Professional Intelligence.” Thieme, an IT security consultant and published author, had a tough message for the audience, telling them that the world is “grey. Nothing is as binary as our code, which is hackable.”

On the Up and Up

It just keeps getting bigger – with all the news about stealthy cyber attacks on U.S. corporations and the government, it should be no surprise that both Black Hat and DEFCON had record attendance again this year. Among the notables: organizers at DEFCON ran through their allotment of 10,000 coveted “human” attendee badges in a matter of hours on Friday, the first day of the show.

If you access Google+ using your Android phone, photos and videos you take are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don’t worry – photos aren’t shared by default, but are stored in a private Picasa Web folder for future sharing. Instant Upload is a fine idea – for a minority of users – but it’s enabled by default and may take a lot of new G+ users unaware.

Links and Privacy

If you are affiliated with other websites — if you have a blog, are on Facebook, tweet on Twitter, or have a Tumblr account — then the Google+ “Links” feature is a great way to consolidate your life online that can also impact (or impair) your online privacy. When adding sites to your “Links,” you can elect to make the link “public,” associating it with your Google+ profile, or keep the link private. You can also use the Circles feature to limit access to your Links, for example by allowing only your friends to see your Links, but not your colleagues.

If you want to hide behind a fake name, don’t count on Google+ to be your “phony me” social network. As Threatpost has reported, the new social network doesn’t truck with fake identities – a position that’s quite similar to the one taken by Facebook. The company has also taken a hard stand on groups, like the hacking collective Anonymous, that hoped to use Google+ to reach people.

+1 Privacy

The +1 feature is Google’s answer to Facebook’s “Like” button. As with the Facebook “Like” feature, if you click the “+1” button for an article you like from another website, Google+ will post that link to your stream. Unlike Facebook, Google+ makes it easy to control who will see that link. As with many security and privacy issues, it all comes back to your circles – who’s in them and which circles you decide to share +1 links with. Pay attention to how your “+1” votes are being published and think twice before allowing one to go to all your followers (Google+’s default).