Monday, November 24, 2014

BSidesLV & BSidesCHS 2014: "Allow myself to encrypt...myself!

Abstract

At BSides LV/CHS 2013, I shared a dream…of a day when all-the-things would be endowed with…with huge…encryption! YES!  BIG ENCRYPTION! Where NSA is spelled with F & U! Of a future where I can share my data without sacrificing ownership, confidentiality, or anything else.  Where my memes and social awkwardness will be appreciated! Um…seriously though, we played “fantasy defense-in-depth”, sacrificed an “admin dude” dressed like the black knight, and generally shocked the world that the internet isn’t a safe place.

Wait…ok…now seriously, we explored why the “escalation of weaponry” means defense is futile; why the networks of the future, pervasive ubiquity, and other unknowns won’t fit into a secure perimeter; that we need to protect data over devices; that if we can’t control how our data is transmitted, processed, or stored we need to figure out how to protect it!

Can we create data resilient to attack even when the host it resides on is compromised? How do we not lose availability or the ability to share & collaborate with others? We were on the trail last year, but now we think we have a solution & can’t wait to show you! Fast forward 1 year & we have possibly the first open source destined & patent protected comprehensive framework for data protection. It’s a big idea with big challenges destined for failure without your input and expertise so come join the conga line to crazy town!

Slides


Videos



Read more »

BSides Charleston 2014 Videos Posted

Read more »

Saturday, November 1, 2014

Hacking the EAS: Zombies on the Airwaves

Abstract

50 years of obsolescence hasn't taught us anything apparently!  Get prepared for a modern day "War of the Worlds" on a scale Orson Wells couldn't have imagined!  On a typical morning you hear the familiar "EEEERRRR" tone on the radio or television and turn it up for the latest Sever Weather Advisory but instead hear "A nuclear bomb has hit Atlanta.  The CDC is destroyed and zombies are roaming the earth!"  Pretty far fetched right?  Maybe instead you hear "A terrorist attack has destroyed…insert place."  Starting to hit home?  We'll show you the vulnerabilities in the Emergency Alert System (EAS) that will allow you to create your very own emergency.  We'll show you the tools, the technology, and the joke that is security in the EAS.  But we won't stop there!  With newly mandated updates to the EAS, you'll soon be getting unsolicited messages on your phones, the internet, and elsewhere.  But with these new mandates, surely they established security requirements right?  The discussion will continue on the future of the EAS and its replacements by the Commercial Mobile Alert Service (CMAS) and other systems.  We’ll show you how these systems could be leveraged to broadcast your plea for rescue far beyond your imagination.  Even if you don't hack the EAS (and I'm not saying you should), I'm sure you'll find the discussion eye opening and engaging in an area where RF hacking and critical infrastructure collide to create one hell of a mess!

Slides





Video

Read more »