Black Hat – Jupiter Broadcasting
https://www.jupiterbroadcasting.com
Open Source Entertainment, on Demand.
Mon, 09 Mar 2020 23:52:42 +0000

Building an Open Source Community: Wirefall | Jupiter Extras 62
https://original.jupiterbroadcasting.net/140122/building-an-open-source-community-wirefall-jupiter-extras-62/
Tue, 10 Mar 2020 04:00:00 +0000

Show Notes: extras.show/62

The post Building an Open Source Community: Wirefall | Jupiter Extras 62 first appeared on Jupiter Broadcasting.

Pentesting Problems: Bryson Bort | Jupiter Extras 60
https://original.jupiterbroadcasting.net/139917/pentesting-problems-bryson-bort-jupiter-extras-60/
Tue, 03 Mar 2020 04:00:00 +0000

Show Notes: extras.show/60

The post Pentesting Problems: Bryson Bort | Jupiter Extras 60 first appeared on Jupiter Broadcasting.

Cost of Encryption | TechSNAP 122
https://original.jupiterbroadcasting.net/41332/cost-of-encryption-techsnap-122/
Thu, 08 Aug 2013 11:53:41 +0000

We’ll have a frank discussion about the encryption arms race underway, the side-channel attack against GPG that researchers have found, headlines from Black Hat...

The post Cost of Encryption | TechSNAP 122 first appeared on Jupiter Broadcasting.


And then an epic batch of your questions, our answers!


— Show Notes —


Researchers have found a side-channel attack which could possibly be used to steal your GnuPG keys

  • Researchers Yuval Yarom and Katrina Falkner from The University of Adelaide presented their paper at Blackhat
  • The Flush+Reload attack is a cache side-channel attack that can extract up to 98% of the private key
  • The attack is based on the L3 cache, so it works across all cores, unlike previous attacks where the attacker had to be on the same CPU core as the victim
  • This attack works across VMs, so an attacker in one VM could extract the GnuPG key from another VM, even if it is executing on a different CPU
  • Research Paper

More Encryption Is Not the Solution

  • Poul-Henning Kamp (PHK) wrote an article for ACM Queue about how encryption is not the answer to the spying problems
  • Inconvenient Facts about Privacy
  • Politics Trumps Cryptography – Nation-states have police forces with guns. Cryptographers and the IETF (Internet Engineering Task Force) do not.
  • Not Everybody Has a Right to Privacy – Prisoners are allowed private communication only with their designated lawyers
  • Encryption Will Be Broken, If Need Be – Microsoft refactors Skype to allow wiretapping
  • Politics, Not Encryption, Is the Answer
  • “There will also always be a role for encryption, for human-rights activists, diplomats, spies, and other professionals. But for Mr. and Mrs. Smith, the solution can only come from politics that respect a basic human right to privacy—an encryption arms race will not work”
  • PHK postulates that a government could approach a cloud service and say “on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide” and then hide it in the Cookie header

Interview with Brendan Gregg


Feedback:

Correction Section

Echos from the Hall of Shame

Round Up:

Hacker Con Round-Up | Jupiter@Nite | 8.02.10
https://original.jupiterbroadcasting.net/2514/hacker-con-round-up-jupiternite-80210/
Mon, 02 Aug 2010 21:33:35 +0000

We go BLACK (hat) and review the latest news to surface from Hacker Cons around the world! We’ll show you the latest antics from Black Hat and DEFCON.

The post Hacker Con Round-Up | Jupiter@Nite | 8.02.10 first appeared on Jupiter Broadcasting.


Tonight on Jupiter@Nite, the boys go BLACK (hat) and review the latest news to surface from Hacker Cons around the world! We’ll show you the latest antics from Black Hat and DEFCON, where security protocols are run through the wringer. Are your cell phone calls safe? Did your wallpaper app steal your Android information?

Tune in to find the glorious details!

Tonight’s Show Notes:

Black Hat Conference background:

  • A computer security conference that has a unique blend of gov’t officials, corporate IT leaders and hackers in attendance.
  • Black Hat was founded in 1997
  • Ran in Las Vegas from Jul 24th to the 29th
  • Made famous by the antics of its hacker attendees.
  • Past conquests: local wireless services, hotel billing services, and even the lobby ATM.
  • Also famous for exposing faults in popular software, most commonly browsers and operating systems, sometimes without the prior knowledge of the software’s developers.

TOP STORY

Mozilla finds security flaw in Black Hat’s pay-per-view Video Stream

  • The stream cost $395 per head for viewing. Ouch.
  • Ironic, since Mozilla has been a frequent target of Black Hat’s many ‘whistle blowing’ presentations re: browser security flaws.
  • Sources indicate that the Mozilla Foundation immediately notified Black Hat about the error, rather than holding onto the information to announce at a later date, as a deliberate “we’re more respectful than you” type of gesture.

Some other Black Hat demos:

Hacked ATM spews cash, sings a jaunty tune, and displays “Jackpot” on the screen.

  • All hacked remotely, and demonstrated live.

This $1,500 system can hack into your cell phone calls

  • Pretends to be a cell tower, so it can even receive encrypted calls.
  • Only 2G GSM calls
  • “Encrypted calls are not protected from interception because the rogue tower can simply turn it off. Although the GSM specifications say that a phone should pop up a warning when it connects to a station that does not have encryption, SIM cards disable that setting so that alerts are not displayed.”

Hacking pre-paid parking meters

Android wallpaper app steals millions of subscribers’ personal info

  • Watch for apps by “jackeey,wallpaper” and “IceskYsl@1sters!”
  • Watch for apps that request “android.permission.READ_PHONE_STATE”, which grants the application access to APIs that expose the device’s phone number, subscriber ID, and more.
  • UPDATE: Details of which data was potentially stolen.
