Top 10 Stories

After the 2013 Def Con event saw blatant  anger directed at the feds, the 2014 conference saw the relationship between organisers and the feds enter a cooling off period. Speaking to Venture Beat, the feds were in attendance according to Def Con founder Jeff Moss, but panels led by NSA and FBI  representatives with nametags trumpeting their organizations and eager to hire those wanting to change the world are gone. He said that feds failed...

Advice was given on how to spot and reject surveillance methods at the Def Con conference. Phil Polstra, associate professor of digital forensics at Bloomsburg University of Pennsylvania, said that many of the small, hidden cameras on the market these days have infrared lights around their lenses,  Polstra said. That light, invisible to the human eye, allows the cameras to keep up the surveillance even in the dark, without getting noticed. However that light can...

Russians will be required to hand over their passport-validated phone numbers to access public wireless networks under new laws. According to The Register, laws banning the use of public wireless networks will require citizens to provide their mobile phone numbers to receive log in details for all public wireless networks. Some Russian pollies attempted to hose down the impact of the law issuing contradictory statements that public wifi operators would be required to sign up...

The privacy-focused Blackphone was rooted in just five minutes in a challenge at the weekend's conference Def Con.   According to Crackberry, one user managed to gain  root access  and enable ADB on the device without the need to even  unlock the bootloader. The exploit was partially patched after, and was not exploitable without user intent, that's going to be a problem for the company who has been selling Blackphone as a 'secure' Android offering ...

A security talent pool has been overly focused on protecting “highly replaceable credit card data”, while little is done to address threats to life and limb from the connected devices being placed in homes, hospitals and human bodies, often with no security at all.   “We’re trying to get to a point where the people designing, building and deploying digital infrastructure are more conscientious about the impact on human life,” says Joshua Corman, and reported...

The US Department of Defense approved BlackBerry's Secure Work Space for iOS and Android.   According to IT Pro Portal, BlackBerry’s Secure Work Space acts as an encrypted container for mobile devices and inside this there are a number of native applications that include email, calendar, tasks, secure browsing, memos, and document editing. Every one of these can be locked down at the drop of a hat without having an affect on the other applications...

Despite being nominated for four gongs, Heartbleed only won one Pwnie award for being the Best Server-Side Bug.   Neil Mehta, the Google security researcher who is credited with discovering the flaw, was in the audience and came up to receive his award. Security firm Codenomicon is also credited with independently discovering Heartbleed at the same time.   The other big award at the Pwnies is for Epic Ownage. It's a category won by National Security Agency...

Scanners used by many airports in the United States are riddled with security flaws.   According to security researcher Billy Rios from Qualys, both are used by the Transportation and Security Agency, and TSA accepted the Itemiser 3 was accepted into its testing lab, but it was never qualified for use in the field, according to Infosecurity.   Rios found about 6000 Kronos time clock systems on the internet, but only two belonged to airports....

Google will boost the search rankings of websites that always use secure encrypted connections to transmit pages and exchange data.   According to The Register, the change is designed to promote improved online security in particular by encouraging developers to implement SSL/TLS (Transport Layer Security) to encrypt website traffic.   Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes explained in a blog post that whether or not a site is secure by default will only...

Hold Security is cashing in on the 1.2 billion collection of stolen credentials, by charging users $200 a month to be off the list.   According to Graham Cluley, while Hold Security did well to secure such a high profile piece in the New York Times, it transpired that Hold Security was blatantly using its discovery of a mountain of stolen credentials as a brazen sales pitch for its new breach notification service. For as...