The first iPhone wouldn't come out for another three years. While modern smartphones are minicomputers that use a range of wireless protocols, including WiFi, to transfer data, 2004 was very much still the age of feature phones. Since then, Rutkowska has turned her offensive genius to play defense, and launched the high security Qubes operating system, a hardened Xen distribution for laptops. "This all happens on-the-fly (i.e., without restarting the system) and there is no performance penalty and all the devices, like graphics card, are fully accessible to the operating system, which is now executing inside virtual machine." "The idea behind Blue Pill is simple: Your operating system swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra-thin Blue Pill hypervisor," Rutkowska wrote at the time. Named after the Matrix "blue pill," a drug that makes the fake world look real, the Blue Pill exploit made quite the splash at Black Hat 2006. Joanna Rutkowska's legendary talk on subverting hypervisor security is one for the history books. One can trace a direct line from provocations like Back Orifice to the famous 2002 Bill Gates memo on trustworthy computing, when the then-CEO of Microsoft laid out security as job #1 going forward for Microsoft. Their motive? To force Microsoft to acknowledge the rampant insecurities in their operating systems. Back Orifice was a malware proof of concept designed to backdoor enterprise Windows 2000 systems. The New Zealander was living in San Francisco when he died of a drug overdose, sparking conspiracy theories among some in the hacker community. Cult of the Dead Cow has been much in the news of late, and their Back Orifice talk at DEF CON in 1999 was a classic, and one that's been getting renewed attention due to Joseph Menn's new book, "Cult of the Dead Cow," that traces the history of that hacking group.
In the finest tradition of security research, Jack sought to provoke manufacturers to improve the security posture of their devices. The late, great hacker and showman made ATMs spit cash all over a stage in 2010 and will always be remembered for his exploits, and his untimely death just weeks before yet another blockbuster Vegas talk on medical device security. "With this talk Zoz aims to both inspire unmanned vehicle fans to think about robustness to adversarial and malicious scenarios, and to give the paranoid false hope of resisting the robot revolution," the talk description says, and the scary thing is not much has changed since he delivered his talk in 2013. While driverless vehicles hold the potential to reduce traffic fatalities (turns out humans are really bad drivers), they also introduce new, catastrophic risk that is less likely but far more severe in impact. Seems inevitable, right? But sometimes you need a proof of concept to drive the point home (pun intended), and security researcher Zoz did just that at DEF CON 21 with his talk "Hacking driverless vehicles". Who cares if your enterprise is compliant if a random dude in a janitor's uniform comes in and pulls the plug on your business? Street bluntly lays out the secure sites he's talked his way into, what he could have done, and hammers home the need for defense in depth against social engineering attacks. Street's famous DEF CON 19 talk on social engineering, and how he is able to walk into anywhere and could "steal everything, kill everybody" if he wanted to is a perennial favorite talk even all these years later. The remote, wireless attack, however, made everyone sit up and take notice. Their previous research had focused on an attack that required physical access to the targeted vehicle, results that auto manufacturers pooh-poohed. Who can forget 0xcharlie's hack of a Jeep, with WIRED reporter Andy Greenberg inside?
Security researchers Charlie Miller and Chris Valasek presented their findings at Black Hat 2015, and showed how they remotely hacked a Jeep and took control of the vehicle, including the transmission, accelerator and brakes.