Outstanding news via DARPA's Outreach Coordinator, detailing the upcoming DARPA SDR Hackfest. The key acronym here is SDR, which stands for Software Defined Radio. DARPA has published a Special Notice (DARPA-SN-17-40) on FBO.gov with information about the workshop/hackfest along with registration information. Enjoy!
"Throughout May — as a buildup to a final event in November, the DARPA Bay Area Hackfest — Rondeau will continue his roadshow, which will include hyperlocal visits to small hacker and maker spaces as well as high-profile keynote addresses to the SDR community. On May 9, 10, 11, and 12, respectively, he will visit maker and hacker spaces in Niwot, Colorado; Vista, California; Austin, Texas; and Santa Clara, California." - via DARPA
"To exploit the vulnerability, a criminal would need to pose as the control server, which is possible via ARP spoofing, or by simply connecting the ATM to a criminal-controlled network connection," said Georgy Zaytsev, a researcher with Positive Technologies. "During the process of generating the public key for traffic encryption, the rogue server can cause a buffer overflow on the ATM due to failure on the client side to limit the length of response parameters and send a command for remote code execution." - via John Leyden, at El Reg
Andrei Robachevsky, a Technology Program Manager at The Internet Society (ISOC), writes of a contemplated security engineering initiative targeting security flaws in the Internet of Things environment. Today's Must Read.
"Unfortunately, as is often the case with fast-pace developments, security of IoT components and the system as a whole is lagging. Price and functionality features take higher priority. We need to make security and privacy the most important features. Never before has the virtual world penetrated so deep into our physical lives, and if the gap isn't shortened there is a high risk of long-term damage to user confidence in the IoT." - Andrei Robachevsky, Technology Program Manager at The Internet Society (ISOC)
Charlie Demerjian, writing at SemiAccurate, tells the tale of probably the single most egregious flaw in Intel Corporation (Nasdaq: INTC) products discovered to date. Reportedly, all Intel Corporation products from 2008 to the present (Nehalem to Kaby Lake) possess the remotely and locally exploitable flaw. Hat Tip Update: Now Fixed.
Meanwhile, in troubling IoT news, in a paper (published by the IACR) entitled "IoT Goes Nuclear: Creating a ZigBee Chain Reaction" and authored by Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten (a Weizmann MSc student), we find - perhaps - the ultimate ZigBee nightmare... Today's Must Read (and while you're at it, check out the video to round out your day). Thanks and Tip O' The Hat