This year's Defcon was chock-full of events: physical security measures shown to be vulnerable, favorite sites such as Gmail shown to be insecure, critical infrastructure flaws, and even undercover reporters.
First up was some physical security news. A team of security specialists has announced that they have been able to bump and pick high-security locks used by the likes of the White House and Pentagon.
While security devices such as RFID and biometric readers are in place in many locations, nothing has managed to replace the good old-fashioned lock when trying to secure a room or area from unwanted intruders. Even high-security areas such as the White House still rely on locks, and many use a lock that is said to be unbumpable and unpickable.
As much as Medeco would like to deny that its locks are beatable, researcher Marc Weber Tobias proved to the world at Defcon 15 that they are.
Wired has the full write-up, so go ahead and check it out.
Other security measures aren't any better at keeping people out, as Zac Franken has demonstrated.
Franken showed attendees that it was possible to splice his “gecko” device into the wires in security card readers and copy the information from security cards that are swiped. It is then possible to gain unauthorized access to restricted areas by telling the gecko to use the same signal copied from an earlier card.
He has plans to use a similar method to bypass retinal scans used by many companies.
In other news, Michelle Madigan, a reporter for Dateline NBC, was ousted after it was discovered that she was carrying a hidden camera in her purse.
On four separate occasions, she had refused to get a press pass in an effort to get convention goers to admit to engaging in illegal activities concerning hacking. If she had just gotten the press pass to begin with, nothing would have transpired. She was uncovered in a surprise game of “Spot the undercover reporter” that follows the premise of “Spot the federal agent” that Defcon is renowned for.
The cheers and jests made by the attendees almost make you want to side with her, but you can decide for yourself after watching the video.
Another issue on the table involved e-mail security. While this isn't really new, a security flaw was shown to have made it possible to hack into your Gmail account if you're using WiFi. Apparently, Google only uses SSL on the login page, and everything after the login process is vulnerable to being intercepted. You can do a quick fix by telling Gmail to use SSL for the entire session by going to https://gmail.com.
Last but not least in this roundup of this year's Defcon is a security flaw that can compromise critical infrastructures that help control your day-to-day life.
Supervisory control and data acquisition (SCADA) systems are the computer systems used to control important infrastructures such as power transmission facilities, oil and gas pipelines, and water treatment plants, and they are the systems that have been identified as having a major security flaw. Ganesh Devarajan demonstrated the vulnerability to attendees but would not name the software maker responsible for the systems due to security concerns.
A full schedule of events from this year's Defcon can be seen over at the convention's website.
Make sure you check out all the links so you can get the full information behind each of the stories and then let us know what you think over in the forums. Don't forget you can always just leave a comment below if you're in a hurry.