Best of Black Hat | Fox invents 'cyberwalls' | Remember Ello?




Hacking cars, guns, and smartphones ...

... all in one week at Black Hat, the hacking conference that drew thousands of cybersecurity professionals to the sweltering heat of Las Vegas. It's (probably) the only time of year when seemingly everyone's out-of-office e-mails read something like, "for security reasons, it's easiest just not to use my smartphone at all, so don't even bother contacting me" – freeing everyone up to collect enough swag for a year and talk about the latest research, sometimes from cabanas, or alongside acrobats forming pyramids over outdoor swimming pools. 
Some of the most talked-about presentations included security researchers Charlie Miller and Chris Valasek's big unveil of the technical details of how they took remote control of a Jeep Cherokee. They said the shock value of their demonstration was the reason they raised enough awareness of the security weaknesses to spur Fiat Chrysler to fix the problem. "Hackers did something. Change happened," Valasek said.
Other sexy research presentations this year included a talk by Runa Sandvik and Michael Auger. They decided to blend curiosity about the gun-loving aspects of American culture with their hacking talents by proving they could change the target of a Wi-Fi-enabled rifle, which they called "just an armed computer running on Linux." There will be more, too. The fun at DEF CON starts today. We'll be there, making use of airplane mode. // Sara Sorcher  



Jeep hackers: Only a dramatic stunt could force a Chrysler recall

At this week’s Black Hat security conference, researchers Charlie Miller and Chris Valasek said hacking a reporter’s car on a highway – which some called needlessly reckless – was the only real way to effect change. // Sara Sorcher

OPM breach a shadow over Homeland Security's appeals to security pros

The Deputy Homeland Security Secretary urged attendees of the Black Hat conference not to let the massive government breach foil plans for improving information sharing about cybersecurity threats between the private sector and the government. // Sara Sorcher

Problematic protocol that directs all Web traffic finally gets attention

Security professionals have long overlooked Border Gateway Protocol, one of the most insecure parts of Internet infrastructure. But this year it was the subject of three talks at the Black Hat security conference in Las Vegas. // Joe Uchill

Ello ads pan online targeting. Here's what experts say about its privacy practices

The upstart social media site launched an ad campaign on Facebook this summer to draw attention to online targeting and promote itself as an ad-free network. Yet, experts have questions about Ello's own privacy practices and safeguards. // Malena Carollo

Fox News invents a 'cyberwall'

At last night's earlier GOP debate, Fox News moderators added to the list of cyber-jargon with "cyberwall." Asked whether she would tear down cyberwalls to help catch terrorists, Republican candidate Carly Fiorina said she supported a targeted approach to tearing down cyberwalls, as did Sen. Lindsey Graham (R) of South Carolina later in the debate. But, what's a cyberwall?

Cyberwall is just a less effective way to talk about privacy protections and information flow in relation to terrorism investigations. But the term is so unspecific, it could include a multitude of topics, such as the encryption debate between Washington and Silicon Valley, or restrictions on threat information sharing. A more productive alternative is hashing out privacy and security issues in more concrete terms – though the exchange was bombastic – like Sen. Rand Paul (R) of Kentucky and Gov. Chris Christie (R) of New Jersey did about the National Security Agency’s data collection practices. // Vox

SPONSORED

Security of Things Forum 2015

The second annual Security of Things Forum, to be held in Harvard Square on Sept. 10, will explore one of this generation's paramount challenges: securing the Internet of Things. Top security researchers, executives, practitioners, investors and academics will gather for a day of discussion and hands-on learning. Co-produced by The Security Ledger and Passcode, this year’s event features Chris Valasek of IOActive, one of the world’s recognized experts on the security of connected vehicles.



Even more Black Hat and DEF CON coverage, as chosen by the Internet
You've seen what we've found important about Black Hat and DEF CON. Now, here's what our algorithm determined:

1) Excerpts from the keynote by Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society:

"Today, the dream of Internet Freedom that brought me to my first DEF CON is dying. The dream is dying because, for better or for worse, we’ve prioritized things like security, online civility, user interface, and intellectual property interests above freedom and openness."

2) OPM wins one of Black Hat's goofy Pwnie Awards for "Most epic FAIL" in cybersecurity. Oddly, no one from the agency showed to accept it.

3) Researchers crack SIM card's AES-128 encryption, via "side-channel" attacks. From a software standpoint, AES-128 is functionally unbreakable, but side-channel attacks that measure hardware usage attributes such as electricity usage can still steal information. Yu Yu (who assured audiences that was his actual name) of the Shanghai Jiao Tong University said, with a little luck, he could hack cards in under 10 minutes.

4) Six Tesla bugs to be presented today at DEF CON could allow crooks to hot-wire cars. The flaws have already been patched.

5) An Argentine prosecutor who died under suspicious circumstances had spyware on his computer. // Joe Uchill

Google and Samsung will push Android patches monthly 

The updated schedule is in stark contrast to other makers of Android devices. Many of them are notorious for infrequent security updates. // TechCrunch

China sends Internet cops to chaperon Internet companies

The country's notoriously tight grip on Internet usage grows tighter. // Wall Street Journal

Federal appellate court rules cell tower data requires warrant

From the Fourth Circuit Court of Appeals in Baltimore: "People cannot be deemed to have volunteered to forfeit expectations of privacy by simply seeking active participation in society through use of their cell phones." // AmLaw PDF Server

Facebook registers patent on determining credit risk based on social connections

Get a loan if you want to, but leave your friends behind. If your friends have debt, and if they have debt, well they're no friends of mine. // VentureBeat

Reviews, Tips & How Tos


How to Set Up the Windows 10 Phone Companion App - C. Stobing, HTG
Motorola Moto G: A Lot To Love for $180 - Brian Heater, Tech Times
How to Stop Windows 10 From Using Your Bandwidth - B. Chacos, PCW
Microsoft's Universal Foldable Keyboard - Lauren Goode, Re/Code
How to Stream Xbox One Games on Windows 10 - Xbox.com