Discover and read the best of Twitter Threads about #defcon

Most recents (18)

Wow. #Orwellian #Doublespeak Below @KathyBoockvar claims to be part of a bipartisan effort to improve #ElectionSecurity. Yesterday she released a report re-certifying the #ExpressVoteXL through a secret review that was not open to the public. freespeechforpeople.org/wp-content/upl…
3 good government groups made a joint statement about what a charade this #security review of the #ExpressVoteXL was freespeechforpeople.org/election-secur…
“It is disappointing that @KathyBoockvar decided not to be fully transparent” said @kskoglund Chief Technologist of Citizens for Better Elections. “Every petition for reexamination since 1980 has included a demonstration where the public and petitioners were invited.”
Read 10 tweets
Thread 1. !CTA! Tues 8/20 8:30 PM EST Unique Opportunity - call w/ Senator @RonWyden & @HarriHursti To get $600M dollars in #ElectionSecurity funding for cash-strapped states. Sign up for call here: zoom.us/webinar/regist… @StandUpAmerica @secureourvotes @LetNYvote @commoncauseny
2. Read my op-ed @thehill about what I experienced at #DEFCON & the very real dangers we are facing right now in achieving an accurate vote count. thehill.com/opinion/techno… @VerifiedVoting @NEDCDefense @D3P @BrennanCenter @dailykos
3. !CTA! 9/17 there will be a nation-wide action to push for the $600M in #ElectionSecurity funding. Call tonight is to plan for this. Sign up: zoom.us/webinar/regist… Host an event. @StandUpAmerica @peoplefor @emilyslist @LetNYvote @NYDLC @representus @VerifiedVoting
Read 17 tweets
The #DEFCON Voting Machine Hacking Village is critically important to US election security. But I personally believe that the Village should not be advertising and promoting goods or services for personal gain.
Many people have shared similar concerns with me. I say this after searching the twitter feeds of many other villages at #DEFCON to understand if this is a normal activity. It does not appear to be so.
I believe this is a bad example to set for an organization so important. To be clear, if they were raising money for the village itself, I personally think that would be different. Buying machines off eBay ain’t cheap. I know.
Read 6 tweets
Yet another highly regarded election-expert expresses concern about new voting systems (Ballot Marking Devices) that put votes into barcodes (or QR codes).

Hursti is an internationally renowned computer scientist & co-organizer of the #defcon hacking conference. #gapol 1/
3/ More from Hursti about Ballot Marking Devices (BMDs).
Read 3 tweets
.@GaSecofState rejected unhackable HAND MARKED paper ballots in favor of hackable MACHINE MARKED “summary cards” (which NASEM advises against) that put votes into QR codes. The QR codes are the only part counted as your vote. @AJC is misleading the public with biased coverage. 1/
2/ I have written to @AJC in the past about its propensity for spreading propaganda on behalf of @GASecofState. But they have no shame. Thread.
3/ One of the new @AJC pieces was written by David Becker who has helped election officials spread the LIE (debunked by cybersecurity journalist @kimzetter and others) that voting machines don’t connect to the internet.
Read 17 tweets
[THREAD sorry]

So @smealum's #defcon #buttplug talk is done.

Piecing together what I can from slides posted to Twitter since going to Defcon would require leaving the house.

AFAIK, our software is not affected by this specific exploit chain.

Info and some thoughts follow.
I will warn that this thread will be painfully technical.

If you're following me for intimate UI/UX contexts and don't wanna see a bunch of talk about OS API models and firmware and what not, feel free to mute this thread, I'll tag everything from here out with #meltbutt too.
So, to begin, an explanation of what's up:

@smealum presented today at @defcon 27, outlining a multi-exploit chain for Lovense toys, mostly between the Lovense electron app and their USB key, partially having to do w/ the firmware for the Nordic chip on the USB key.

#meltbutt
Read 50 tweets
1 hour left! My talk « History of the worst #Android app ever: mAadhaar » is at 10am at the @AppSecVillage of #Defcon!

I will talk about #India, #Aadhaar, #Android app, #Frida and #disclosure
Ofc I’ll share the link when I have it
Oops I tagged the wrong handle it’s @AppSec_Village
Read 3 tweets
A gorilla is on the dance floor 😁
His friend the dinosaur is dancing too
Read 6 tweets
This is odd. In the last hour, I did a series of election-security posts using the #DEFCON27 & #DEFCON hashtags. Based on RTs, they should pop up under a search under "top" and "most recent" for those hashtags. They did a few minutes ago, but now don't come up at all. Ideas?
Update: they now show up with a search of the #DEFCON hashtag, but not with a search of the #DEFCON27 hashtag.
Read 5 tweets
Bro, don't try to be smart. Do your homework first and I'll be happy to discuss with you... 😒
General comment: Don't let your political view change your judgement on technical details. You will say stupidity like this.

My research on mAadhaar is well documented and I will present everything at #Defcon. You will have the possibility to verify everything if you want
I broke all the versions of mAadhaar for the last 4 years. I know my subject 😀
Read 4 tweets
I want to drop something cool for #Defcon.

@ceo_uidai: do you get to sleep these last days 😘?
@ceo_uidai Hi @reliancejio, what's up? Can you cancel the vacation of your spokesperson?
@ceo_uidai @reliancejio It's gonna be epic
Read 3 tweets
In order to prepare my talk for the @AppSec_Village at #Defcon, I spent my night on the official #Android app made by @UIDAI: mAadhaar.

Whatever the version of the app, you will get a "Technical Error" when you try to add a profile. 1/3
A few months ago, someone at the @UIDAI offices changed the APIs on the server side but forgot to update the mobile app. I decrypted the whole thing and the "Technical Error" is in reality an "API ERROR" aka the mAadhaar doesn't know anymore how to discuss with the UIDAI's servers. 2/3
The quality of this app is a shame. Again, this shows how bad is the app and the mAadhaar team. This is ridiculous @UIDAI, fix your sh*t! 3/3
Read 3 tweets
#Defcon advice: Do whatever you want to do, there is a room for everyone.

This is what @Defcon and this community is: a bunch of very different people with the same passion, the same spirit.

We are also adults and security professionals, so be respectful too.
If you read Twitter, you can have a weird feeling about #Defcon. If you want to join, don’t be afraid and come. As said, we will make a place for you.
Personally, I’m going to the conferences and Defcon especially for the experience. I want to meet new people, know them, share our experiences. I will also select and attend some talks to expand my view on subjects I like.
Read 4 tweets
Ok so since #DEFCON is coming up, and there is a lot of talk about opsec, let's chat about what you can do today to up your opsec game BEFORE you go to DEFCON and that's maintainable AFTER you get home. 1/?
First let's talk phones, buy an iPhone. Unless you feel comfortable flashing some custom rom, like @GrapheneOS and maintaining it, just buy an iPhone. Regardless of how you feel about Apple, the privacy and security of their devices is top notch 2/?
When you buy a phone, DO NOT BUY USED. You don't want someone else's metadata associated with you. This should go without saying but pay cash for the phone as well. You're gonna need an iCloud account but we will get to that in a minute. 3/?
Read 15 tweets
OK, chores are done, errands are run, so here comes a thread about surviving #defcon (and looking fabulous while you do it.)
1) You're going to want to wear waterproof mascara, if you're wearing mascara at all. The heat/sweat will cause normal mascara to run, so waterproof is definitely your best bet.
2) Find a good setting spray to keep face makeup from melting. I really like Too Faced's 3-in-1 setting spray because it hydrates, primes, and sets well, but ymmv.
Read 46 tweets
Last view of the crime scene that was my invaded hotel room and violated space, courtesy of @CaesarsPalace who still have not told me anything, offered me anything (except to move my room - like that really would prevent their security team screaming at me again). My last #DEFCON
The reporting out of this event so far has noted "privacy" concerns. The fact of the matter is, a male's chief concern is privacy. Women's includes that, but our high order bit is that this policy designed to keep people safe from gun attacks *increases* our chance of assault.
Threat models change, & we as security professionals know that. October 1 changed the threat model for Vegas hotels. That in no way changed the threat models for women traveling alone. Only @CaesarsPalace security did that. They are sacrificing women's safety for gun inspections.
Read 19 tweets
I wonder if #DEFCON26 just leaves discoverable BlueTooth devices around in order to see how many people try to pair with them
Hi Marvin. #DEFCON26
(Explanation: this guy just transmits a zillion random WiFi "beacons" pretending to be an access-point, in order to overflow monitor products like this with data)
At #DEFCON26, this other guy is doing a brute-force attempt at broadcasting a zillion access-point names, hoping that your phone/laptop is automatically configured to connect to them.
Read 4 tweets
I've been getting a lot of questions from women (and some men!) who are going to defcon for the first time this year. First off, congratulations! It's a really great environment to learn and make friends! Since I've been answering the same qs for many, here's a thread of tips:
I'm heading to #defcon @defcon and @DianaInitiative only this year because I'm finalizing a keynote and working on a super secret thing for Saturday. I don't have the capacity to also go to #BlackHat2018 and #BSidesLV so will sadly be missing those :(
With that said though, @BSidesLV is one of my favs and I've never been to Black hat. I've been to #defcon for 10 years straight. Even missed family reunions to go!
Read 23 tweets
