conferences
$2.7 million await successful Pwnium 4 contestants
Google has, once again, called security researchers to participate in its annual Pwnium contest scheduled to be held at the CanSecWest security conference in Vancouver in …
Speakers boycotting RSA Conference will speak at TrustyCon
Security consulting firm iSEC Partners, the Electronic Frontier Foundation (EFF) and DEF CON have announce that they will be kicking off a brand-new security technology …
An introduction to firmware analysis
This talk by Stefan Widmann gives an introduction to firmware analysis: It starts with how to retrieve the binary, e.g. get a plain file from manufacturer, extract it from an …
The basics of digital wireless communication
The aim of this talk by Clemens Hopfer from the 30th Chaos Communication Congress is to give an understandable insight into wireless communication, using existing systems as …
Triggering deep vulnerabilities using symbolic execution
Symbolic Execution (SE) is a powerful way to analyze programs. Instead of using concrete data values SE uses symbolic values to evaluate a large set of parallel program paths …
Researchers demonstrate SD memory card hacking
Security researchers Andrew “bunnie” Huang and Sean “xobs” Cross have demonstrated that the only way to be absolutely sure that no one will be able to …
Useful password hashing: How to waste computing cycles with style
Password-based authentication is widely used today, despite problems with security and usability. To control the negative effects of some of these problems, best practice …
Authentication using visual codes: what can go wrong
Several password replacement schemes have been suggested that use a visual code to log in. However the visual code can often be relayed, which opens up a major vulnerability. …
Building an OATH-compliant authentication server for less than $100
Using a Raspberry Pi nanocomputer and the multiOTP open source library, André Liechti showcases how to how to create an OATH-compliant authentication server at PasswordsCon …
Tales of passwords, cyber-criminals and daily used devices
Specific embedded devices are targeted by criminals in order to gain access or utilize for further attacks. Modems are attacked to change DNS-servers for advertising or …
Tracking botnets using automatically generated domains
Stefano Zanero is an Assistant Professor at Politechnico di Milano, where he focuses on systems security. Modern botnets rely on domain-generation algorithms (DGAs) to build …
Bypassing security scanners by changing the system language
A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to …
Featured news
Sponsored
Don't miss
- Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)
- Is an open-source AI vulnerability next?
- OWASP dep-scan: Open-source security and risk audit tool
- Ebury botnet compromises 400,000+ Linux servers