Within this city hall meeting, sign up for activists involved with CFAA reform initiatives to discuss how you can become involved in the general public debate close to CFAA reform and strategize regarding how to have probably the most impact.
Previously 18 months We now have witnessed a remarkable increase in exploration and presentations on the security of professional medical devices. While this brought A great deal needed consideration to The difficulty, it's also uncovered a substantial amount of misinformation. This converse will deal with Those people complicated and controversial subject areas. What’s the truth of patching a professional medical device? Could it be safe to operate anti-virus protection on them? You’ll determine Within this chat. This presentation will outline a framework on how vendors, buyers, and directors of medical devices can bring substantive modifications during the security of those devices.
Cuckoo Sandbox can be a commonly utilized open up-supply task for automated dynamic malware Examination. It takes destructive documents or URLs as input and offers both of those large-stage overview studies in addition to thorough API phone traces with the actions noticed inside a virtual equipment.
As a result, smart meters counting on wireless M-Bus and supporting remote disconnects are susceptible to become subject matter to an orchestrated remote disconnect which poses a critical threat on the grid.
Even though UART has existed Without end and is in fact usually employed by vulnerability scientists from the components Area, it has not been reviewed for a dedicated subject By itself. This communicate is intended to fill that hole. We'll deliver an summary of what UART is, the resources that exist to operate with it and supply samples of why a security researcher really should care.
With this talk, We'll promptly address architecture and system overviews, then dive into exploitation eventualities with techniques to assault Harvard architecture systems and code security implementations.
Many of these statistical analyses are defective or just pure hogwash. They use the conveniently-accessible, but significantly misunderstood information to craft irrelevant concerns determined by wild assumptions, even though hardly ever working out (or maybe asking us about) the constraints of the information.
This speak will deal with the security of wireless implantable health-related devices. I will examine how these devices run and connect as well as security shortcomings of the present protocols.
We then spotlight the very best 5 vulnerability types seen in ZDI researcher submissions that influence these JRE parts and emphasize their the latest historical significance. The presentation continues using an in-depth have a look at particular weaknesses in quite a few Java sub-components, which include vulnerability details and examples of how the vulnerabilities manifest and what vulnerability researchers need to try to find when auditing the part. Eventually, we focus on how attackers commonly leverage weaknesses in Java. We give attention to certain vulnerability types attackers and exploit kits authors are working with and what They can be executing beyond the vulnerability alone to compromise machines. We conclude with information to the vulnerabilities which were made use of During this 12 months's Pwn2Own Opposition and review steps Oracle has taken to deal with modern troubles uncovered in Java.
Utilities have started to introduce new find out here discipline device engineering - smart meters. As the title indicates, smart meters do aid a lot of far more use cases than any aged common electrical energy meter did. Not only does The brand new technology of meters help high-quality granular remote details looking at, but What's more, it facilitates remote load Manage or remote software updates.
Electric power Investigation assaults current a devious means of cracking cryptographic systems. But thinking about papers released In this particular area demonstrate That always the equipment made use of is rather high priced: the typical oscilloscope utilized normally has a minimum of a one GSPS sampling charge, and after that various probes and amplifiers also add to this Expense. What is a poor researcher to perform devoid of such resources? This presentation will give an in depth description of tips on how to set up a power Examination lab for the several hundred bucks, a single that provides adequate overall performance to attack true devices.
42 MHz (Europe) and 908.42MHz (U . s .) frequencies designed for reduced-bandwidth facts communications in embedded devices for example security sensors, alarms and home automation Command panels. Not like Zigbee, no general public security investigate on Z-Wave protocol was out link there right before our operate. Z-wave protocol was only mentioned when throughout a DefCon 2011 converse in the event the presenter pointed the potential of capturing the AES essential Trade period without an indication.
Past but not least We are going to settle no matter whether BlackBerry Stability genuinely holds what it promises: are cell devices definitely wanting to securely different vital organization information from Offended Birds?
This discuss will also examine strategies to bypass what (meager) security protections exist and put forth quite a few worst situation scenarios (TV worm any one?).