Hackers and cybersecurity researchers who attended this year's annual Black Hat information security conference in Las Vegas found themselves on the receiving end of the wrong type of security notification. On Thursday, the Southern Nevada Health District issued a warning that people who were in Vegas during the conference may have been exposed to measles.
Yes, literally measles.
"The Southern Nevada Health District informs individuals and the public who were at one of the locations listed below that they may have been exposed to a person in whom a case of measles has been confirmed," read the statement.
These locations include Lupo and Aureole – two restaurants in Mandalay Bay – on August 3 and 5, respectively.
Black Hat ran from August 3rd to 8th and was held at Mandalay Bay.
The CDC notes that measles can be deadly for children.
"People who may have been exposed should also contact their health care provider if they develop a rash with fever or other measles-compatible symptoms within 21 days of visiting these places," advises the Southern Nevada Health District. "It is recommended that any person with symptoms contact the health care provider's office prior to entering a health care facility to enable the health care provider to arrange for the illness not to spread."
It is not known whether the Las Vegas visitor with the confirmed measles case was in town for Black Hat or just happened to be taking in the gorgeous sights of Vegas in early August. Either way, security professionals who worry about the security of your data now have a more immediate concern on their plates (hopefully not ordered at Lupo or Aureole).
Fingers crossed, they have an anti-virus installed.
That would be Droogie (his handle, if it is not obvious), a presenter at the DEF CON hacking conference in Las Vegas and a man with a very specific problem: he receives thousands of dollars' worth of tickets that are not his own. But do not tell that to the DMV.
Of course, it was not supposed to end that way. In fact, it was supposed to be exactly the opposite. Droogie registered a California vanity license plate consisting solely of the word "NULL" – which, in programming, is a term for no specific value – for fun. And, he admitted with a laugh, because it might confuse automatic license plate readers and the DMV ticketing system.
"I thought, 'I'm shit,'" he joked to the crowd. "'I'm going to be invisible.' Instead, I have all the tickets."
Things did not go south immediately. As Droogie explained, he is a careful driver and did not receive any tickets during the first year he owned the vanity plate. Then he went to renew his tags online and, when he was asked to enter his license plate, it broke the DMV webpage.
It seemed that the DMV site did not recognize the "NULL" plate as a real entry.
It was the first sign that something was wrong.
The next sign was a little more serious: after he received a legitimate parking ticket, thousands of dollars of random tickets began to arrive by mail at his home address.
It appeared that a privately run citation processing center had a database of outstanding tickets and, for whatever reason – perhaps due to incomplete data on their end – a number of these tickets were attributed to the license plate "NULL". In other words, the processing center was likely trying to tell its systems that it did not know the plates of the offending cars. Instead, with Droogie's vanity plate now in play, it indexed all those outstanding tickets to him.
Specifically, more than $12,000 in outstanding tickets.
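The failure described above, as an added example that is not from Droogie's talk or from any DMV or processor system: a citation importer that writes the in-band string "NULL" for an unread plate, next to one that stores a real SQL NULL. The table layout, owners, plates and fine amounts are constructed, and the root cause is assumed to be the in-band sentinel the article guesses at.

```python
import sqlite3

# Constructed sample data: (citation id, plate as captured, fine in dollars).
# None means the plate was never captured for that citation.
CITATIONS = [
    (1, "7ABC123", 65),
    (2, None, 250),
    (3, None, 480),
    (4, "NULL", 73),  # the one legitimate ticket on the vanity plate
]
REGISTRATIONS = [("7ABC123", "Alice"), ("NULL", "Droogie")]


def sentinel_encoder(plate):
    # Flawed: missing data becomes the in-band string "NULL", which is
    # indistinguishable from a real plate carrying that text.
    return "NULL" if plate is None else plate


def null_encoder(plate):
    # Hardened: missing data stays out-of-band as SQL NULL (Python None).
    return plate


def load(plate_encoder):
    """Build an in-memory database using the given missing-plate encoding."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registrations (plate TEXT PRIMARY KEY, owner TEXT)")
    db.execute("CREATE TABLE citations (id INTEGER PRIMARY KEY, plate TEXT, fine INTEGER)")
    db.executemany("INSERT INTO registrations VALUES (?, ?)", REGISTRATIONS)
    db.executemany(
        "INSERT INTO citations VALUES (?, ?, ?)",
        [(cid, plate_encoder(plate), fine) for cid, plate, fine in CITATIONS],
    )
    return db


def amount_owed(db):
    """Total fines per registered owner, as a billing job would compute them."""
    rows = db.execute(
        "SELECT r.owner, SUM(c.fine) FROM citations c "
        "JOIN registrations r ON r.plate = c.plate "
        "GROUP BY r.owner ORDER BY r.owner"
    )
    return dict(rows.fetchall())


def unattributed(db):
    """Citations with no known plate; these need manual review, not a bill."""
    return db.execute("SELECT COUNT(*) FROM citations WHERE plate IS NULL").fetchone()[0]


if __name__ == "__main__":
    for name, enc in (("sentinel string", sentinel_encoder), ("SQL NULL", null_encoder)):
        db = load(enc)
        print(name, amount_owed(db), "unattributed:", unattributed(db))
```

With the sentinel string, every plate-less citation joins to the registration for the plate "NULL"; with a real SQL NULL the equality join never matches, so those citations stay unattributed and can be counted separately.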
"Basically," Droogie observed, "it's bullshit"
After contacting the DMV and the LAPD, and painstakingly explaining his situation, he was told the same thing by both: change your plates.
"I said, 'No, I did not do anything wrong.'"
But the tickets still piled up. Fortunately, the DMV contacted the private citation processing company, which then wiped out the $12,000 on the weekends. However, and this part is key, the company did not actually fix the problem with its system.
Droogie explained that, for the moment, tickets are still associated with his license plate and the system thinks he owes more than $6,000.
Basically, Droogie's joke backfired on him. Hard. Whatever the case, he insisted to the laughing crowd, he is not paying those damn tickets.
As she explained to a crowd at the annual DEF CON hacking conference in Las Vegas, the Naval War College associate professor did not set out to become an unwitting mule who accidentally helps defraud the elderly, but hey, not everything goes as planned.
Kollars, a fan of Nespresso coffee pods, had found what appeared to be a bargain on eBay: 200 pods at half price. So she placed her order and, soon after she paid via PayPal, her order arrived – along with a brand new Nespresso espresso machine worth $280 that she had neither ordered nor paid for.
Looking at other eBay listings for Nespresso pods, she realized that there were tons of new vendor accounts with zero reviews, all offering Nespresso pods at very low prices. Something was off.
"I guess it's still a fraud, but I do not really know," she said about her thinking at the time. "If it's a kind of underground gang (…), it should happen on a certain scale."
After contacting Nespresso and offering to return the machine (they did not want it back), she set out to find out exactly what was happening. As she explained, she already had a very good idea.
The scam is this: fraudsters steal somebody's personally identifiable information and open a credit card account. They then create an eBay account and list a luxury product at a very low price. Once the item is ordered by an unsuspecting customer, the criminals place the order on the legitimate site, using the fraudulently obtained card, and have it shipped to the eBay customer.
Fraudsters have successfully turned a stolen credit card into cash, all with the help of an unsuspecting eBay buyer.
But why the free espresso machine? Kollars could only guess: were the criminals trying to retain their customers, or were they simply unable to keep track of who ordered what?
In any case, she decided to try again.
After identifying other eBay accounts that she thought were related to the original seller, Kollars placed more orders for discounted pods. She received them, as well as hundreds of extras and a milk frother.
In total, she received Nespresso products worth approximately $939 for a price as low as $391.90.
But that is not all she got. Kollars also managed to make contact with a person behind one of the eBay accounts after canceling an order.
"I always want everything to suit you best," wrote the person. "My mother is sick in the hospital, so I can send you any other item in perfect condition and I have to go to the hospital with her, so I hope you understand for me and allow me to cancel."
Kollars was amazed at how polite this person was. "I really hope his mother is fine."
Importantly, however, it was not a victimless crime. Kollars investigated and discovered that the people actually billed for these products were of retirement age or older. In other words, it was possible that older people were being targeted intentionally.
She contacted the FBI and eBay and reported her findings. Although she did not hear back, this type of Nespresso fraud disappeared from the site about 30 days after her report. You can still find suspiciously good deals on luxury goods on eBay, however, suggesting that this type of scheme is still going on.
So, next time, think twice before clicking "buy" on a great deal from an eBay seller with no reviews. It may be cheap, but you may also be acting as an unwitting mule in the strange world of online fraud.
No, you did not just wander into a David Lynch dreamscape, but rather the d(struction)20 CTF at this year's DEF CON hacking conference in Las Vegas. The competition, which pits a group of hackers and researchers against random challenges related to security and cryptography, comes with a very defensive twist: participants are subject to the roll of a 20-sided die, and the number rolled corresponds to physical damage inflicted on their computer. Then they must complete the next challenge.
The possible results of each roll include: being dropped, being crushed with a hammer, being placed in a trash bag filled with iron filings and shaken, random deletion of data, having an inverted can of air duster discharged inside your computer (thereby freezing it), and, yeah, watching your device get fried with a Tesla coil gun.
There is even a 7-year-old who will black out your screen and your keys with a Sharpie for good measure. Or, if she feels naughty, she might write "you're stupid" on a participant's monitor. Spoiler: she felt naughty.
"Do you have what it takes to build a computer that can withstand all kinds of damage?" asks the page of the event. "Otherwise, do you have a computer so close to your heart that you are willing to risk destroying it in front of a crowd of enthusiastic pirates?"
It's wonderfully ugly, but the worst is yet to come.
Volunteers can apply to join the Church of Wi-Fi, which involves taking a shot of Malört and being paddled on stage by a man wearing a pope hat.
"Forgive me, lord," announces a voluntary convert, "because I used WEP and I wish to repent".
The two-hour event is a crowd pleaser. Once every form of destruction has been visited on the computers, the audience – safely separated from flying debris by plastic sheets – waits anxiously to see if they will boot back up.
"Oh shit," shouted an organizer from the stage after seeing a computer come back on. "It works!"
Although perhaps not as serious as the DEF CON Vote Hacking Village, or as fixing major cybersecurity vulnerabilities in office printers, the d(struction)20 CTF offers hackers and security researchers an opportunity to have fun and showcase their unique skills.
Plus, watching a Tesla coil gun fry a computer is simply fun.
The competition also has another purpose: to remind the common man that even a hammer cannot prevent these hackers from splitting your mouth.
Will Caruana took the stage at the annual DEF CON hacking convention in Las Vegas and, with a quick warning and a mischievous smile, implored the crowd to behave. Of course, good behavior is not the reason there was a talk about hacking elevator phones.
According to Caruana's talk, emergency phones in elevators around the world are poorly, if at all, protected from potential abuse. Why does that matter? What trouble can you cause with an elevator phone, anyway? Quite a lot, it turns out.
For starters, anyone who is so inclined can call the phone – all you need is the number (which you can sometimes find online) – thus giving an attacker the opportunity to listen to any conversation that takes place inside.
Imagine all the fun things you could hear about in the elevators of a Fortune 500 company.
But that's not all. As Caruana explains, it is quite easy to take remote control of elevator phones.
"No one has ever changed the password," he explained by displaying a slide of the elevator's default passwords. "Nobody."
And once you have control of the phones? Well, if you are malicious, Caruana says that you can prevent the phones from working – making them unusable in the event of a real emergency.
Or, if you are just after money, you can force the phones to call specific numbers. To illustrate how serious this is, Caruana presented a less hypothetical scenario involving a real university with 60 elevators.
"Each of these elevators has its own phone line," reads one slide. By forcing these phones to call a predetermined 900 number that you control, 24 hours a day, you make millions.
But the crowd of hackers who attended Caruana's talk should absolutely not try this in the hotels and casinos hosting DEF CON. As for where they should try it? Caruana did not say, even though he included a photo of the Trump International Hotel in his presentation.
So next time you are in an elevator, do not forget to watch what you say. You never know who is listening – or using the simple emergency phone to get rich while you twiddle your thumbs and stare at the ceiling.
Slack knows all your secrets. Your dd talk, your business plans with the boss, the company's many unspeakable meditations – they all fill the servers of the San Francisco-based company, waiting to be viewed by a curious CEO, a skillful hacker, or the whole world.
The communication platform on which many rely to work and keep in touch with their friends is, like most things online, a potential privacy disaster waiting to happen. And even if you have no choice about whether to use the tool, you do have the option to lock down its privacy settings in order to mitigate the fallout before it is too late.
So let's lock it up.
If you use Slack for work, chances are it is on a paid plan. This differs from the free version – which your D&D group might use to coordinate campaigns and meetings – in several important ways.
The first is that with the paid version, your boss might be able to read your direct messages. Determining whether this setting is enabled is the first step to keeping your DMs secret. Fortunately, there is a way to do it.
When you are logged in to Slack in a web browser, go to slack.com/account/team and click "Save and Export". Scroll to "What data can my administrators access?" and you will get your answer.
If the page says that only public data can be exported, your DMs are safe from your boss. However, if it states that "Workspace owners can also export messages and files from private channels and direct messaging," the lords of your company have the ability to extract your direct messages.
OK, so now you know that your boss has the ability to read your direct messages. It is bad, but all is not lost. There are still many ways to protect yourself, or at least reduce the damage that will inevitably result.
To begin, you need to change the retention settings on your direct messages. Slack gives workspace owners (i.e., the person who manages your company's Slack account) the ability to determine how long messages will be kept, both in public channels and in direct messages. It could be for 90 days, for example, or forever.
You can and should adjust this setting in your own direct messages. Think about it this way: when your boss pulls a file of your DMs, would it be better for them to receive years of direct messages or only the last 24 hours? Yes, exactly.
In a direct message conversation, click the gear icon in the upper right corner and select "edit message retention." Then select "Use custom retention settings for this conversation", choose one day (the shortest period possible), and select Save.
Your messages will now be automatically deleted after 24 hours. Notably, this does not necessarily mean that they are gone from Slack's servers once they are a day old (they probably are not), but messages should no longer be within reach of the aforementioned workspace owner once a day has elapsed.
Unfortunately, you have to do it for every direct message conversation, but it's a quick change that is well worth it.
Slack does not give you the ability to individually encrypt your messages.
There is, however, a way around this problem in the form of a free browser extension called Shhlack. The extension, available for Chromium, allows you and your colleagues to encrypt all your messages. It is quite simple to use, and it means that your private messages will not be visible in clear text when your boss, or hackers, take a look.
But importantly, as its GitHub page warns, "This is an experimental and ongoing project" that you must use "with a grain of salt". In other words, if something serious, such as your job or your business secrets, depends on the confidentiality of your messages, you will have to take stricter privacy measures.
This one is less of a setting than a life tip, but it could save your life, so listen well: any message that could get you into trouble if it were made public should not be sent via Slack at all.
Instead, try creating a private Slack channel (with a short retention setting!), getting the phone numbers of the people you want to chat with, and then moving the conversation to the encrypted messaging application Signal. You can make encrypted phone calls on the free app, create very large group chats, send files, conduct video chats and set messages to be automatically deleted after a predetermined time.
There is even a desktop app if you do not like to type with your thumbs.
Editing Slack messages after the fact may seem like a surefire way to remove potentially problematic content. But guess what: some Slack accounts track changes and keep records of messages as they were before being edited.
Knowing whether this setting is enabled will keep you from making the mistake of thinking you are in the clear when, in reality, the only thing you have accomplished is making it obvious that you tried to cover your tracks.
Once logged in to your Slack account, go to https://my.slack.com/account/workspace-settings and click on "Retention and Exports".
You will find the answers you need.
Keeping your account private means keeping it safe. Protecting your account with two-factor authentication is a great way to keep out hackers and snoopers.
To set it up, once logged in, visit my.slack.com/account/settings. Then click on "Two-factor authentication" and follow the instructions. You will need an authenticator application downloaded to your smartphone for it to work, but there are tons of safe choices that work with Slack.
Believe me: you really want this security feature to be enabled.
Suppose you want to leave Slack, or you leave a company and no longer use that Slack account. You may assume that deleting your account takes care of all your remaining personal data, but this is certainly not the case.
Instead, you must actually ask the workspace's "primary owner" to request that your profile information be deleted.
"When members leave a workspace or organization, they may have the right to request that their profile information be deleted by the primary owner," explains the company. "As a data controller, the primary owner is responsible for determining whether the profile information should be deleted."
This primary owner must then send an email to Slack at email@example.com with a specific delete request, noting "the member's email address and the URL of your workspace".
Once you have taken this step, you are finally free to enjoy your privacy.