Tag Archive for: Skill’

The SANS 2022 Holiday Hack Challenge, The Year’s Most Awaited Cybersecurity Tradition, Opens to Players of All Skill Levels

/in


Protect the North Pole from Threats and Earn Your Place on Santa’s Nice List – Then Join Santa at KringleCon, a Virtual Conference featuring Cybersecurity Experts

BETHESDA, Md., Dec. 8, 2022 /PRNewswire/ — The SANS Institute (SANS) has officially opened its 21st annual Holiday Hack Challenge! Participants can join Santa to save the holiday season from treachery by recovering five precious rings, each ring representing a different quest to defeat cybersecurity obstacles and change the course of the future. This free, hands-on cybersecurity challenge is open to all skill levels and ages, where players will have their skills tested by a holiday supervillain with the potential to win prizes ranging from cybersecurity goodies to the grand prize of a free SANS online training course.

John the SANS 2022 Holiday Hack Challenge

SANS 2022 Holiday Hack Challenge, The Year’s Most Awaited Cybersecurity Tradition, Opens to Players of All Skill Levels

“We are thrilled to present another year of the SANS Holiday Hack Challenge,” said Ed Skoudis, President of the SANS Technology Institute college and SANS Chief Holiday Officer. “We’ve been saving the holidays with the cybersecurity community since 2002, and this year, we hope even more players will join the fight in this playful way to advance critical skills and cyber capabilities across the globe.”

More than 17,000 players participated in 2021, and this year’s Holiday Hack Challenge is expected to reach even more cybersecurity professionals and students. The collaborative virtual game allows players to create customized avatars and join up with teammates, friends, and players worldwide in this one-of-a-kind shared virtual experience to explore the North Pole while advancing their cybersecurity skills across cloud security, forensics, offensive and defensive security, and more.

“Our cybersecurity elves narrowly saved the season last year, protecting Santa and the North Pole from danger, and we all thought the holidays would be safe for years to come,” said Mr. Skoudis. “We have discovered that evil still lurks across the icy terrain, so we must call on our cybersecurity community, from elementary students to seasoned professionals, to join us in this mission to save the…

Source…

Researchers show Alexa “skill squatting” could hijack voice commands

/in
Article intro image

Enlarge (credit: Amazon)

The success of Internet of Things devices such as Amazon’s Echo and Google Home have created an opportunity for developers to build voice-activated applications that connect ever deeper—into customers’ homes and personal lives. And—according to research by a team from the University of Illinois at Urbana-Champaign (UIUC)—the potential to exploit some of the idiosyncrasies of voice-recognition machine-learning systems for malicious purposes has grown as well.

Called “skill squatting,” the attack method (described in a paper presented at USENIX Security Symposium in Baltimore this month) is currently limited to the Amazon Alexa platform—but it reveals a weakness that other voice platforms will have to resolve as they widen support for third-party applications. Ars met with the UIUC team (which is comprised of Deepak Kumar, Riccardo Paccagnella, Paul Murley, Eric Hennenfent, Joshua Mason, Assistant Professor Adam Bates, and Professor Michael Bailey) at USENIX Security. We talked about their research and the potential for other threats posed by voice-based input to information systems.

Its master’s voice

There have been a number of recent demonstrations of attacks that leverage voice interfaces. In March, researchers showed that, even when Windows 10 is locked, the Cortana “assistant” responds to voice commands—including opening websites. And voice-recognition-enabled IoT devices have been demonstrated to be vulnerable to commands from radio or television ads, YouTube videos, and small children.

Read 12 remaining paragraphs | Comments

Biz & IT – Ars Technica

Vulnerabilities in industrial gas detectors require little skill to exploit

/in

Gas detectors used in factories and other industrial settings to identify toxic conditions contain several vulnerabilities that can allow hackers to remotely sabotage the devices, according to an industry advisory published late last week.

The vulnerabilities in the Midas and Midas Black gas detectors manufactured by Honeywell can be exploited by hackers with a low skill level, according to the advisory, which was published Thursday by the Industrial Control System Cyber Emergency Response Team. The first weaknesses is a “path traversal” weakness, which allows remote attackers to bypass the normal authentication system. A second one results in the failure to encrypt user passwords when they’re being transmitted.

“Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthenticated access to the device, potentially allowing configuration changes, as well as the initiation of calibration or test processes,” the advisory warned. The notice went on to advise organizations that rely on on the detectors to install versions 1.13b3 or 2.13b3, which patch against the vulnerabilities. The advisory pointed to this link from Honeywell.

Read 1 remaining paragraphs | Comments

Ars Technica » Technology Lab

If my team has low skill, should I reduce the difficulty-level of my code?

/in

Stack Exchange

This Q&A is part of a weekly series of posts highlighting common questions encountered by technophiles and answered by users at Stack Exchange, a free, community-powered network of 100+ Q&A sites.

Florian Margaine asked:

There is a common snippet in JS to get a default value:

Read 40 remaining paragraphs | Comments


    




Ars Technica » Technology Lab