Cyber Security Briefing: Child's play at DEF CON
Hacking electoral websites is so easy that even children can do it.
Next week’s annual anarchic DEF CON security conference in Las Vegas will challenge kids aged from eight to 16 to hack into replicas of websites which publish American election results.
The Democratic National Committee came up with the idea for the competition at DEF CON’s Vote Hacking Village, which will award $2,500 in prize money.
"It's just so easy to hack these websites we thought the grown-up hackers in the Vote Hacking Village wouldn't find it interesting," Jake Braun, co-founder of Vote Hacking Village and executive director of the University of Chicago Cyber Policy Initiative, told The Register.
"When I was discussing it with a colleague, they noted 'it would be child's play' and I said 'good f***ing point!' and started planning the event with the Capture the Packet crew and the r00tz Asylum group."
UK’s Huawei security concerns revealed
The UK’s security concerns over Chinese smartphone manufacturer Huawei stem from ageing software provided by an American company.
Last month a government report found technical and supply chain “shortcomings” which could expose the country’s telecoms networks as Huawei equipment is used by the likes of BT and Vodafone.
Sources told Reuters that the concern is over Huawei’s use of the VxWorks operating system, made by California firm Wind River Systems, which will stop receiving security patches and updates in 2020 and could therefore be left open to hacking or surveillance.
In the past authorities in both the US and Australia have said Huawei’s products can be used to facilitate Chinese espionage operations, which the firm has repeatedly denied.
Will Apple's new Phone be delayed by cyber-attack?
The new iPhone could be delayed after chipmaker Taiwan Semiconductor Co was hit by a huge cyber-attack.
TSMC, which also supplies chips to other smartphone makers, said it was still recovering from the virus.
It warned that the attack was likely to raise costs and delay shipments, with the new iPhone scheduled to be released next month.
Reddit suffers major ‘security breach’
Users of ‘front page of the internet’ Reddit may have had their personal data exposed.
Crooks stole data including usernames, email addresses and hashed passwords for the site, which places a high value upon the anonymity of its users.
They also seized all public and private posts from between the site’s launch in 2005 and May 2007.
“Whether or not Reddit prompts you to change your password, think about whether you still use the password you used on Reddit 11 years ago on any other sites today,” the company stated.
“If your email address was affected, think about whether there’s anything on your Reddit account that you wouldn’t want to be associated back to that address.”
Reddit said it has contacted everyone who may have been affected by the ‘security incident’.
Passwords no longer 'a necessary evil'
The first step for cyber security no longer has to be the password.
The superbly-named Secret Double Octopus is pioneering password-free, keyless authentication technology which allows users to gain access to systems through their mobiles.
We spoke to Amit Rahav, VP of marketing and business development, to find out more.