SecuraBit

Before It Bytes!

Press Release: The BSides Las Vegas Innovation Challenge

Aka “The Science Fair”

Produced by: A.P. Delchi

OVERVIEW: 

Remember the heady days of the science fair? Demo parties? People coming together to show off the amazing bits of awesome that they had made in their basement? It’s time to revive this tradition and bring it to the modern day security conference. From an open call to the world, twelve teams representing hackerspaces and maker groups will be selected to come to Las Vegas to compete in four categories in front of a panel of judges to demonstrate what they have accomplished. Awards will be based on cash and hardware provided by sponsors and donations from across the industry.

THE CHALLENGE: 

Get your hackerspace, maker group, or team of friends who tinker in your basement and prepare your best projects and innovations to be presented to the BSides Las Vegas conference. This is an open call to groups that have established themselves, or are up and coming and ready to amaze the world. Submission methods are up to the group, but videos, pictures and live demonstrations are suggested. The call for submissions will be seeking entries for the following categories: 

Category One: Things that make things.

Did your group build a 3D printer, laser cutter, CNC device or some other piece of awesome that helps you make other things? What did you do with it after you built it? For example some folks have built 3D printers and used them to fabricate parts from skateboard wheels to carrying cases. Show us what you built, and what you built with it!

Category Two: Biohacking

Has your group experimented in gene splicing, implants, aeroponics, automated hydroponics, biofuels or other such biologically inspired projects? Bring your beakers and your Jacob’s ladders to the people who rarely hear about such things. Innovations such as a kit to test food to see if it contains GMOs, or innovative home farming methods using automation and chemistry, are what we are after.

Category Three: Vehicles

Get out of the garage and in front of the people! Have you turned your ordinary car into a hackmobile? Converted an old school bus into a rolling data center? Does your car have more storage space than your home computer? We are talking more than just thumpy bumpy sound systems – we want to see your home made Batmobile. Atomic engines to power! Nessus scanners active, rolling Wi-Fi hotspots activated! Make it so!

Category Four: Demos

From the good ol’ days of demo parties, show us what you’ve got! You will have your moment on stage to display your awesome. Remember the talent show scene from Revenge of the Nerds? We now have EL wire and wearable MIDI. Take us on a magic carpet ride of awesome that shows what your team can do. Unlike the other categories, you will perform at the awards party and no one will know until it’s over who will win this category. Clap your hands everybody, and everybody clap your hands!
 
Open submissions start NOW. Submissions can be anything from photographs, videos, live streaming or wherever your imagination takes you. Send your YouTube links or other submissions to: [email protected]
 
Six months out from the event a panel of judges will select three submissions from each category, for a total of twelve groups who will be invited to come to BSides Las Vegas and make their presentations. From there a second panel of judges hand-picked from the old, new, and weird school will judge the submissions, with the winners being announced at an open party during the conference.

THE PRIZES: 

Prize packages will be determined based on sponsor and donor contributions. At this time hundreds of trained squirrels are working to contact potential sponsors and contributors to make the rewards the best we can muster. As this develops we will keep you updated. 
 
In each of the four categories, the prizes will be:
  • 1st place: Amazing package of stuff and things, to further your awesome and make your innovations come true.
  • 2nd place: Not as amazing as first place, but still enough to give you toys to take back and build, innovate and make things happen.
  • 3rd place: Guaranteed entry into the competition next year without having to go through preliminary judging.
Prizes for the first three categories will be awarded at an awards party to be held after judging. The demo competition and awards will happen as part of that party. Plans for live bands, DJs and sponsor demonstrations are in the works!

SPONSORS & DONORS: 

Does the idea of a show of awesome and supporting hackerspace & maker group innovation make you feel warm and fuzzy inside? Do you want to donate hardware from your company, or sponsor the event in other ways? Let us know! We will be reaching out in every way we can to ensure that the sponsors and donors, as well as the participants, are recognized in the forward march of human driven innovation. Security BSides Las Vegas, Inc. is a registered Nevada non-profit educational and charitable organization, and the contest organizers are ready to work with you to help make this an amazing competition.

NOW GET OUT THERE AND START BUILDING!

Black Hat USA 2012 Google Calendar

You asked, and we delivered. We’ve created a Google Calendar for the events at Black Hat USA 2012 – The Briefings, Arsenal, and Executive Briefings.

Each calendar entry contains the full talk description if available.

Here are the links:

HTML Calendar (Opens in Browser)

iCal Version (For importing to devices/iCal/GCal)

XML Version (If That’s Your Thing)

Source document:

Black Hat USA 2012 Schedules

And don’t forget to check out the BSidesLV and DEFCON calendar.

-ChrisAM / @TheChrisAM

ChrisAM’s Picks for BSidesLV and DEFCON Talks 2012

On tonight’s show we will be talking about our choices for talks this year at BSidesLV and DEFCON.

It was very difficult to pick only one talk per time slot. My picks below are of interest to me personally. I do not mean to imply that one topic or speaker is better than any other, but we all have to make a decision for each hour of the conferences. You’ll notice that I am more interested in security policy, incident response, and network defense rather than reverse engineering, and exploitation.

(I will update this post later for continuity and with direct links to each talk description)

BSidesLV:

Wednesday
1100: Ambush – Catching Intruders at Any Point – Matt Weeks
1200: When Devices Rat Us Out – Ken Westin
1400: Big Data’s Fourth V: Or Why We’ll Never Find The Loch Ness Monster – Davi Ottenheimer
1500: Why have we not fixed the ID problem – Dallas
1600: Shot with your own gun – how appliances are used against you – Christopher Campbell
1700: Mirror Mirror – Reflected PDF Attacks using SQL injection – Shawn Asmus
1800: Sexy Defense – Ian Amit

Thursday
1000: Mainframed – The forgotten Fortress – Phil Young
1100: Metrics that suck even less – Walt Williams
1200: The leverage of language, or, How I realized Information Theory could save information security – Conrad Constantine
1400: The Magic of Symbiotic Security – Creating an ecosystem of security systems – Josh Sokol & Dan Cornell
1500: Lightning Talks
1600: Lightning Talks
1700: Lightning Talks
1800: IPv6 Panel / Drinking Game

Defcon:
Friday
1000: The Christopher Columbus Rule and DHS – Mark Weatherford
1100: Socialized Data: Using social media as a cyber mule – Thor
1200: Not so super notes: How well does US dollar prevent counterfeiting? AND The open cyber challenge platform project
1300: How to Channel Your Inner Henry Rollins – Jayson E. Street AND Bad (and sometimes Good) Tech Policy: It’s not just a DC thing
1400: Changing the security paradigm: taking back your network and bringing pain to the adversary – Shawn Henry
1500: An Inside Look into Defense Industrial Base (DIB) technical security controls: How Private Industry protects our Country’s Secrets – James Kirk
1600: Bypassing Endpoint Security for $20 or Less – Phil Polstra
1700: Anti-Forensics and Anti-Anti-Forensics: Mitigating Techniques for Digital-Forensic Investigations – Michael Perklin

Saturday:
1000: World War 3.0: Chaos, Control & the Battle for the Net – Corman, Kaminsky, Moss, Beckstrom, Gross
1100: Hacking Humanity: Human Augmentation and You – Christian Dameff, Jeff Tully
1200: Botnets Die Hard – Owned and Operated – Aditya Sood, Richard Enbody
1300: The End of the PSTN As You Know It – Jason Ostrom, Karl Feinauer, William Borskey
1400: <ghz or bust: DEF CON – ATLAS
1500: Exchanging Demands – Peter Hannay
1600: Connected Chaos: Evolving the DCG/Hackspace Communication Landscape – Blackdayz, Anarchy Angel, Anch, Dave Marcus, Nick Farr
1700: The DCWG Debriefing – How the FBI Grabbed a Bot and Saved the Internet – Paul Vixie, Andrew Fried

Sunday:
1000: OPFOR 4Ever – Tim Maletic, Christopher Pogue
1100: KinectasploitV2: Kinect Meets 20 Security Tools – Jeff Bryner
1200: Looking Into The Eye Of The Meter – Cutaway
1300: DC RECOGNIZE Awards – Jeff Moss, Jericho, Russ Rogers
1400: Can Twitter Really Help Expose Psychopath Killers’ Traits? – Chris Sumner, Randal Wald
1500: Sploitego – Maltego’s (Local) Partner in Crime – Nadeem Douba
1600: How to Hack All the Transport Networks of a Country – Alberto Garcia Illera

DEFCON 20 and BSidesLV Google Calendar

I made a Google Calendar with the DEFCON Talks, BSides Talks, as well as the entertainment lineup for DEFCON. I hope you find it useful. I wanted to get the calendar easily on my phone and set reminders for talks I want to see. Please let me know of any corrections that are needed.

Each calendar entry includes the full talk description if available.

Here are the links:

HTML Calendar (Opens in browser)

iCal Version (For importing to devices/iCal/GCal)

XML Version (If that’s your thing)

And the source documents:

DEFCON Schedule

DEFCON Speakers

BSidesLV Schedule

UPDATE (7/19): We’ve created a Google Calendar for the Black Hat USA 2012 schedule.

-ChrisAM / @TheChrisAM

We Don’t Suck! (As Much Anymore)

Allow me to direct your attention over to Geordy Rostad’s blog for just a minute. His recent post over at notanon.com gives, in my opinion, a very fair and accurate review of Episode 67 and of SecuraBit as a whole. Geordy notes how we’ve evolved from our earlier “SecuraBeer”-type shows to deliver topics and guests that add value to the listening experience.

This progression is evident when listening to past shows in contrast to our latest releases. The podcast has grown and changed as we the hosts have grown and changed ourselves. When we released our first episode on May 3, 2008, we were fresh out of the Navy, serving together at the same location. We thought we could do anything and say anything, and that was evident in our content. Fast-forward about 2 and a half years and now you have a podcast hosted by still edgy, yet tempered, hosts.

Going out on our own to Corporate America, civilian government, and government/military contracting has rounded us out. Nine-to-five life in a professional setting expanded our horizons as to what an audience expects and wants to hear. Who would have thought that anyone would want to listen to this podcast in an office environment?

All that being said, thank you, Geordy for the review.

Geordy Rostad’s site is http://www.notanon.com/ and his Twitter account is http://twitter.com/grostad

Show Notice: KrebsOnSecuraBit – Interviewing @briankrebs 10 Mar

On March 10th around 8PM EST, Brian Krebs (http://www.krebsonsecurity.com) will be joining us on the podcast to talk about online crime, threats, security and other topics.

Join us on the 10th to hear and participate in this interview.

Live Stream: http://radio.packetsense.net:8000/listen.m3u

IRC Chat: irc://irc.freenode.net/securabit

About Brian Krebs: http://www.krebsonsecurity.com/about/

SecuraBit Episode 35: Content, what content? Oh, THAT content!!!

Facebook privacy settings are getting simplified.
Michael Jackson’s death causes Google to trip, thinking a DoS attack was in progress, followed by spam assaults and all the joke emails.
Slowloris DoS on the show stream.
We discuss OSSEC with Andrew Hay.

Join us in IRC at irc.freenode.net #securabit

Next live recording is July 15, 2009 at 8pm EDT.

Hosts:

Andrew Borel – @andrew_secbit
Anthony Gartner – http://www.anthonygartner.com – @anthonygartner
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Christopher Mills – http://www.packetsense.net – @thechrisam
Rob Fuller – Mubix – http://room362.com – @Mubix

Guest(s):

Wesley McGrew – http://www.mcgrewsecurity.com/ – @mcgrewsecurity
Andrew Hay – http://www.andrewhay.ca/ – @andrewsmhay

Links:

Defending against a Slowloris DoS attack on Apache – http://serverfault.com/questions/32361/how-to-best-defend-against-a-slowloris-dos-attack-against-an-apache-web-server
OSSEC – http://www.ossec.net/
Andrew Hay’s Book – http://www.amazon.com/OSSEC-Host-Based-Intrusion-Detection-Guide/dp/159749240X

SecuraBit Episode 34: RoundTable Well Virtually anyway!!!

This week we welcome Scott Fitzpatrick of Symantec to join our roundtable on the news items of the day.

News Items:
StrongWebMail Fail – http://www.pcworld.com/businesscenter/article/166314/web_mail_company_to_pay_prize_after_ceo_hacked.html

TweetDeck still passes authentication in the clear

Google Apps criticized about their security

iPhone 3.0 Tethering Hack – http://www.jellysms.com/blog/enable-internet-tethering-with-your-iphone-in-2-minutes-on-o2-ireland-with-30-gm/

RSnake’s Slowloris (low bandwidth, greedy, poisonous HTTP client) – http://ha.ckers.org/slowloris/

Mubix presenting a six-hour workshop, “From Shell to Owning the Company”, at ToorCamp

DefCon and the Podcasters Meetup
– In Sky Boxes 207 and 208, 8pm or after the last talk on Saturday night.
– Exotic Liability (http://www.exoticliability.com/) and Germaina Newbs (http://grmn00bs.blogspot.com/) will be joining the lineup.

PaulDotCom with SecuraBit, Thursday July 2, 2009 at 7pm.

Join us in IRC at irc.freenode.net #securabit

Our Next live recording is July 1, 2009 at 8pm EDT.

Hosts:
Chris Gerling – http://www.chrisgerling.com – @hak5chris
Jason Mueller – @securabit_jay
Christopher Mills – http://www.packetsense.net – @thechrisam
Rob Fuller – Mubix – http://room362.com – @Mubix
Andrew Borel – @andrew_secbit

Guests:
Scott Fitzpatrick

Links:
Symantec – http://www.symantec.com/
Mubix – Couch to Career – http://www.room362.com/archives/564-couch-to-career-follow-up.html

SecuraBit Episode 33: Bursting Clouds with Kostya Kortchinsky

In this episode we talk to Kostya about the process behind Cloudburst. He speaks about breaking out of the existing virtual machine and into the host. Once you own the host you have the ability to own the other virtual machines running on it.

Quick Topics:

OS X Security Update

Palm Pre

North Korea Cyber Warfare

Air France Flight 447

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner

Chris Gerling – http://www.chrisgerling.com – @hak5chris

Christopher Mills – http://www.packetsense.net – @thechrisam

Jason Mueller – @securabit_jay

Guests:

Kostya Kortchinsky – http://www.linkedin.com/pub/kostya-kortchinsky/4/211/a71

Tim Krabec – http://www.SMBMinute.com – @tkrabec

Links:

Immunity Inc – http://www.immunitysec.com/

CLOUDBURST exploit video – http://www.immunityinc.com/documentation/cloudburst-vista.html

CVE-2009-1244 – http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1244

53634 : VMware Multiple Products Display Function Host OS Arbitrary Code Execution – http://osvdb.org/53634

Microsoft Security Bulletin MS08-067 – http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

SyScan ’09 Singapore July 2-3 – http://www.syscan.org/Sg/program.html

The Cassandra Tool – https://cassandra.cerias.purdue.edu/main/index.html

Apple Security Update 2009-002 / Mac OS X v10.5.7 – http://support.apple.com/kb/HT3549

Palm Pre – http://www.palm.com/us/products/phones/pre/

North Korea Builds Up Cyber Warfare Unit – http://news.yahoo.com/s/afp/20090505/ts_afp/nkoreaitmilitary

Air France Flight 447 – http://en.wikipedia.org/wiki/Air_France_Flight_447

DEFCON Hacking Conference – http://www.defcon.org/

Immunity CANVAS – http://www.immunitysec.com/products-canvas.shtml

SecuraBit Episode 32: PDF Love!

Didier talks about how the PDF iFilter, which the Windows Indexing Service uses to index document contents, can allow a PDF to exploit a system without the user ever opening the file. He also discusses some of the various methods of prevention, including his tool PDFiD.

Penetration Document Format

http://www.flickr.com/photos/packetsense/3549486353/

Hosts:

Anthony Gartner – http://www.anthonygartner.com – @anthonygartner

Chris Gerling – http://www.chrisgerling.com – @hak5chris

Christopher Mills – http://www.packetsense.net – @thechrisam

Guests:

Didier Stevens – http://blog.didierstevens.com/

Links:

PDFiD – http://blog.didierstevens.com/2009/03/31/pdfid/

PDF Tools – http://blog.didierstevens.com/programs/pdf-tools/

Security Justice – http://securityjustice.com/

Exotic Liability – http://exoticliability.ning.com/