Presenter: @Acexor 

Will be presenting on flashing wifi routers, using DD-WRT and attacking wifi networks.

FaceBOT

Online social networking has redefined the way we communicate on the modern world. A social network allows people to exchange information in a global fashion virtually without boundaries. Businesses, media, celebrities and people of interest use it as a platform to deliver information to the masses. In addition social networks are a place where people share information with others that sometimes can be profiled as “personal identifiable information”. Malicious users can then use social networks as a vehicle to perform malicious activities such as: harvest personal identifiable information from a targeted subset of users, distribution of malware, control other bots from a botnet and online surveillance.

Usually the malicious actor starts by performing an infiltration stage using accounts created by the malicious actor. Using this accounts the malicious actor aims to connect with a large number of users in the social network that is to be targeted in order to perform malicious activities. In this talk  I will present how social network circles can be infiltrated using facebots, these are software programs that control social network accounts In order to mimic the actions of real users. 

Presenter: @PuN1sh_3r

HackmiamiCon 2013 Recap

What went great, what can be done better and suggestions for next year.

Plante Linux Caffe

1 PM

1430 Ponce De Leon Blvd

Coral Gables, FL

From NewYorker.com | May 15, 2013 | by Amy Davidson

“This morning, The New Yorker launched Strongbox, an online place where people can send documents and messages to the magazine, and we, in turn, can offer them a reasonable amount of anonymity. It was put together by Aaron Swartz, who died in January, and Kevin Poulsen. Kevin explains some of the background in his own post, including Swartz’s role and his survivors’ feelings about the project. (They approve, something that was important for us here to know.) The underlying code, given the name DeadDrop, will be open-source, and we are very glad to be the first to bring it out into the world, fully implemented.”

Read the full article Here>>

Source: NewYorker.com |  by: Amy Davidson

Surviving Miami is a free, download-only musical compilation to be hosted on Rockkulture.com, featuring 30 of South’s Florida best and under-exposed original rock bands, set to be released during the weekend of May 17 and 18, to coincide with sponsor HackMiami’s annual Hack Miami conference at the Holiday Inn Oceanfront in Miami Beach (www.HackMiami.com). The compilation will be distributed via download card at the release event, which will feature an evening nights of 30 to 45 minute sets from Surviving Miami bands and will have instruments back-lined by the local band, the Deadly Blank, to allow the large number of bands performing to change over with ease. The attendance will be boosted by free admission for HackMiami conference attendees to the event, in addition to the general and social media promotion by the compilation sponsors and performing artists.

Although the actual lineup is subject to the availability of the individual artists, here is the current Surviving Miami band list:

Bajo Tregua
By default
The deadly blank
Radio clip
Soundcircles
Space between words
The super fuzz
Yt cracker

Current Sponsors: HackMiami, Radio-active Records, Headquarters, Rockkulture.com, Graceful Sounds FM, The Shack North Studios, Leti’s Liquors and Sector 8 Productions

Pre-conference Meeting

We will be getting ready for Hackmiami Hackers Conference 2013 on May 17-18-19. More details about parties, events and talks.

Encryption Party

We are going to have an encryption party, where encryption tools  will be demoed to assistants. Bring your computer if you would like to learn how to use these tools.

Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone heads a major division. Its U.K. parent was created as a spinoff of a government weapons laboratory that inspired Q’s lab in Ian Fleming’s James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts.

Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone heads a major division. Its U.K. parent was created as a spinoff of a government weapons laboratory that inspired Q’s lab in Ian Fleming’s James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts.

QinetiQ’s espionage expertise didn’t keep Chinese cyber- spies from outwitting the company. In a three-year operation, hackers linked to China’s military infiltrated QinetiQ’s computers and compromised most if not all of the company’s research. At one point, they logged into the company’s network by taking advantage of a security flaw identified months earlier and never fixed.

Read the entire article here>>

Source: Bloomberg Online | by: Michael Riley & Ben Elgin

It’s a detailed walkthrough of the Bugtraq 2 Final linux distro

A must watch for any CTF’er -

http://www.youtube.com/watch?v=hXxYDiGHu7Q

Although CISPA as a whole saw bipartisan support, one last-minute amendement that looked to curtail a worrisome practice by employers was shot down on party lines.

Colorado Democrat Ed Perlmutter attempted to tack on a provision to CISPA that would make it illegal for employers to require prospective employees to hand over their social media passwords as a condition of acquiring or keeping a job. Read the entire article>>

Source: WebProNews.com | by: Josh Wolford

Those findings come from a new report released Wednesday by DDoS mitigation service provider Prolexic Technologies, which saw across-the-board increases in DDoS attack metrics involving the company’s customers.

“Average packet-per-second rate and average bit rate spiked in the first quarter and both are growing at a fast clip,” said Prolexic president Stuart Scholly in a statement. “When you have average — not peak — rates in excess of 45 Gbps and 30 million packets per second, even the largest enterprises, carriers and, quite frankly, most mitigation providers, are going to face significant challenges.”

In the first three months of 2013, 77% of DDoS attacks targeted bandwidth capacity and routing infrastructure, while 23% were application-level attacks that didn’t overwhelm targeted networks through packet quantity, but rather by disrupting critical applications or processes running on a server. Read the entire article>>

Source: Information Week | by: Matthew Schwartz

The shortcomings of antivirus software are well known in the security industry, where the programs are typically considered an eminently fallible last line of defense.

When Google analyzed, for example, the performance of four antivirus engines in a recent research paper on new reputation-based techniques to stop malicious downloads, the company found that the best scanner caught at most 25 percent of malicious files from the Internet. Combining all four engines only resulted in 40 percent of the malicious files being detected. While the Internet giant did not name the providers of the software nor discuss the testing environment, the results are in line with other studies as well.   Read the entire article>>

Source: DarkReading.com | by Robert Lemos

The Federal Information Security Amendments Act of 2013 updates the Federal Information Security Management Act of 2002 and makes the director of the Office and Management and Budget responsible for overseeing the security of government information systems.

The bill also requires agencies to comply with computer security standards developed by the National Institute of Standards and Technology, and requires each agency to develop and implement security programs under the direction of its CIO. Furthermore, the legislation stipulates that senior federal managers be graded on IT security as part of their annual performance evaluations.

Source: FCW.com | by: Adam Mazmanian