Pwn2Own is an annual competition held at CanSacWest in Canada. Prizes are awarded to the hackers who can most quickly hack various operating systems and programs. This year a million dollars in prizes will be awarded, meaning it attracts the best hackers in the world. The money awarded is directly related to the difficulty in hacking the target. The most money goes to anyone who can hack an Apache web server.
The Russian hacking story is now all over the news, especially after the joint agency report about the hacking. Many security experts aren't basing their assessment on that report, and it was most likely misdirection for public consumption having nothing to do with the actual information. In the report, they listed about a hundred IP addresses that they believe were used by Russian government hackers. The problem with those IP addresses is that a lot of them are TOR exit nodes, which could have been used by anyone.
Leo says that the alleged hacking by the Russians in our election was a "bush league" spear phishing attack that allowed hackers to gain access to emails from the Democrat National Committee. Leo says we need to know more about it. It seems to Leo that this attack was more like North Korea hacking Sony.
In this election season, Leo says that touch screen voting machines are simply a bad idea. Technology can be a great thing, but not everything needs to be high tech. Voting machines need to be highly secure, must be constantly calibrated, and are ripe for hacking. Just because we can do it, doesn't mean we should, and voting machines are a great example of that. By keeping paper ballots, there's also a paper trail, so it's harder for someone to falsify them.
President Obama has ordered the CIA to develop a "proportional response" to the reported Russian hacking of the DNC which exposed emails about the Clinton campaign. But Leo says what could the CIA expose by hacking the Kremlin? Putin posts bare chested pictures of himself on Instagram? The man is embarrassed by nothing! And could such a response cause an escalation? Leo says that our utility infrastructure is vulnerable to hacking and such a cyber war could devolve into crippling our electrical grid ... or worse.
An obscure committee wants to grant the government with more hacking abilities. It comes from the advisory committee on criminal rules for the Judicial Conference of the United States. The amendment would update Rule 41 of the Federal Rules of Criminal Procedure.
Bob (aka Flob) has come across Kevin Mitnick's site called KnowBe4. Leo says that Kevin is an old friend and he's followed his life since being a hacker and being arrested. Leo had him on the show and he's reformed and created a business to train businesses and employees to not be victim's of hackers and social engineering. It's about time to get him back on the air.
A British teenager has hacked both the FBI and the Department of Homeland Security. Using the tried and true method of social engineering, the teen managed to hack into an email account of a DOJ employee and then used that information to call in and gain access. Then he published the names and addresses of FBI and Department of Homeland Security agents online. Though the teen has been arrested, he claims to have over 300GB of more data that he plans to publish online.
Elizabeth wants to undo whatever her nephew did to her PC after he came to visit. He's got mad computer skills and she caught him rummaging around her computer without her permission. Leo recommends backing up her data, formatting the hard drive and reinstalling Windows from a known good source. That way any modifications he's made will be wiped out.
Clyde heard about the Jeep that got hacked and worries that it could happen to his car since he connects his phone to the car with USB. Leo says that simply connecting the phone to the car stereo isn't sufficient for this. The Jeep hack involved using the car's built-in 3G access. The real flaw is that the entertainment unit of the car and the computer running the car (braking, ignition, etc), are not physically separated. They are connected in many cars through the CamBus, or internal car network.