33 items tagged "risk"
-
-
21:40
»
SecDocs
-
-
21:39
»
SecDocs
-
-
15:47
»
SecDocs
Authors: Jean-Philippe Aumasson
Tags: cryptography
Event: Black Hat Abu Dhabi 2011
Abstract: It is commonplace to argue that academic cryptanalysis---whose "attacks" literally take billions of years to complete---has no relevance whatsoever to actual security, for real-world failures of crypto are most often due to:
  Side-channel leakage (padding oracle attacks, etc.)
  Attacks on the implementation (key extraction through fault attacks, etc.)
  Complete bypass (after theft of keys à la DigiNotar, etc.)
Nevertheless, a number of new cryptanalytic attacks have appeared these last years with various degrees of sophistication and of objectives, from complex key-recovery attacks to efficient-yet-cryptical "distinguishers". To better understand the risk (or absence thereof), this talk will go through technical subtleties of state-of-the-art cryptanalysis research, which we'll illustrate with concrete field examples. The topics discussed include related-key attacks, cube attacks, the real security of AES, the case of pay-TV encryption, or the risk of using SHA-1, SHA-2, or the future SHA-3. Finally, we will present a recent attempt to bridge theory and practice, with an introduction to leakage-resilient cryptography.
-
15:46
»
SecDocs
-
-
21:28
»
SecDocs
-
10:19
»
Hack a Day
[Adam Outler] and [Rebellos] have been working feverishly to advance the world of mobile device hacking. They’re attacking on two fronts, making it easier for the common hacker to monkey with the phone’s firmware and OS with impunity, and by finding ways to make regular handsets into dev-hardware for low-level hacking. The Hummingbird Interceptor Bootloader (HIBL) circumvents [...]
-
-
21:03
»
SecDocs
Tags: robotics
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: Unnoticed by average Joe we are currently experiencing the advent of autonomous machines. This development will undoubtedly result in epochal change of our way of life. Naturally this has the potential to cause enormous problems. Two key issues will be how to tame the risks these autonomous machines pose and how to deal with the impact their wide proliferation will have on societies. A few years ago these questions were only important in science fiction. Today “killer” applications are no longer an academic topic. Now it is on us to start thinking about these questions and to preemptively develop new practices. Curiously, what might be a large part of the solution has already been central to the hacker community for decades: hacker ethic. This talk will address the following topics:
Emancipation of Machines
  3 distinct types of machine: (1) directly augments human capabilities (2) machines that augment other machines (3) autonomous machines
  Type 3 machines do not need constant human supervision and do not directly improve human capabilities
  Type 3 machines can be as simple as a clock
  A crossbow attached to a clockwork on a busy marketplace demonstrates the resulting problems
  Over the past years type 3 machines have become more numerous and will soon be commonplace
  Risk mitigation is only in its infancy: dangerous machines are separated from humans
  No convincing solutions for autonomous machines. Asimov’s Laws outdated by “killer” applications.
A Social Contract for Machines
  Autonomous machines are technologically feasible but held back by other factors
  How risk can be moderated by a system approach implementing developer ethics in a new Archimedes oath
  How financial instruments can be created to price residual risk and create a social contract for machines
From Protestant to Hacker Ethic
  How to mitigate one of the biggest consequences of type 3 machine proliferation: work
  Current situation Protestant work ethic
  Changed situation: unemployment the norm/mechanic slaves
  Solution: hacker ethic?
-
-
21:02
»
SecDocs