What happens in Vegas: Black Hat and Def Con in pictures

LAS VEGAS—Sin City has the greatest density of surveillance cameras per square mile anywhere outside the Pentagon, and that fact makes Vegas an appropriate host for both Black Hat and Def Con, the yin and yang of information security conferences. The two have become the anchors for a collection of security events here every summer (including BSidesLV and PasswordsCon) that results in a week-long festival of infosec overload so scary, it's now even more frightening to use hotel Wi-Fi.

While Jeff Moss, aka "TheDarkTangent," is the founder of both Black Hat and Def Con, the two events have continued to diverge. This year, however, they carried a very similar message: security has reached a critical point, and the people gathered at both events have never been more relevant to society as a whole, for better or worse. "This is our moment right now," Moss said during the introduction of his Black Hat keynote. "When was the last time we were this relevant and this in demand? I would say during the dot com (boom)... but if you think about it, all you needed was green hair to get a job back then."

Moss challenged attendees at Black Hat to do something real in the coming year. "I have the sense that we don't have unlimited time," he warned. "If we're going to make some moves, we're going to have to make them soon." The message at Def Con was similar—a call to action in a world where state actors and other maleficent forces are taking advantage of an ever-growing number of vulnerabilities in systems ranging from mobile applications to "Internet of Things" devices. The looming threat of surveillance makes it increasingly difficult to live a private life.


Meet WordHound, the tool that puts a personal touch on password cracking

Dan Goodin, Ars Technica

In the vexing pursuit of passwords that are both easy to remember and hard to crack, many people embed clues into their login credentials, choosing, for instance, "playstationplaystationdec2014" to safeguard a recently created gaming account or "[email protected] w0rk!" for an IT administrative account at a financial services company. Now, a whitehat hacker is capitalizing on the habit with a tool that automates the process of launching highly targeted cracking attacks.

Dubbed WordHound, the freely available tool scours press releases, white papers, and Twitter accounts belonging to companies or sites that have recently suffered security breaches. The software then generates a list of commonly found words or phrases that attackers can use when trying to convert cryptographic hashes from compromised password databases into the corresponding plaintext passcodes. The tool, devised by security consultant Matthew Marx, was unveiled Wednesday at the Passwords 14 conference in Las Vegas.

"People are influenced greatly by their environment when choosing a password," Marx, who works for consultancy MWR Info Security, told Ars. "It could be a work environment, their personal life, or the sport teams they like. I wanted to create a tool that leveraged this human vulnerability."
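The habit Marx describes can be screened for when a password is set. The sketch below is an added example, not code from WordHound or from the article: it collects recurring words from an organization's own public text and rejects new passwords built around them, even with common character substitutions. The function names, stopword list, substitution table and sample text are all assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample standing in for an organization's public material
# (press releases, product pages); not taken from any real company.
SAMPLE_PUBLIC_TEXT = """
Acme Harbor Bank announces the Harbor Rewards card. Acme Harbor Bank
customers can enroll in Harbor Rewards at any Acme branch in Springfield.
"""

# Assumed, deliberately small tables; a real deployment would tune both.
STOPWORDS = {"the", "and", "can", "any", "for", "with", "announces"}
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def context_terms(text, min_len=4, min_count=2):
    """Return words that recur in the organization's own public text."""
    words = re.findall(r"[a-z]+", text.lower())
    counts = Counter(w for w in words
                     if len(w) >= min_len and w not in STOPWORDS)
    return {w for w, n in counts.items() if n >= min_count}

def normalize(password):
    """Lower-case, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))

def context_hits(password, terms):
    """List the context terms embedded in a candidate password."""
    flat = normalize(password)
    return sorted(t for t in terms if t in flat)

def is_acceptable(password, terms):
    """Reject a new password that is built around a context term."""
    return not context_hits(password, terms)

if __name__ == "__main__":
    terms = context_terms(SAMPLE_PUBLIC_TEXT)
    for candidate in ("H4rb0r!2014", "@cmeB4nk#1",
                      "correct-horse-battery-staple"):
        print(candidate, context_hits(candidate, terms),
              is_acceptable(candidate, terms))
```

A check like this belongs alongside, not instead of, screening against known-breached passwords, since it only covers words tied to the organization's own environment.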
