[ISN] AT&T To Sponsor Zero-Day Contest For Kids

From: InfoSec News <alerts_at_private>
Date: Tue, 17 Jul 2012 05:23:51 -0500 (CDT)
http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240003810/at-t-to-sponsor-zero-day-contest-for-kids.html

By Kelly Jackson Higgins
Dark Reading
July 16, 2012

AT&T has joined forces with an 11-year-old hacker -- that's right, 11 -- 
and DefCon Kids in sponsoring a hacking contest during the second annual 
conference that runs in conjunction with the adult DefCon later this 
month in Las Vegas. Whoever finds the most zero-day bugs in mobile apps 
wins an iPad and $1,000, courtesy of DefCon Kids.

Inspiration for the competition came out of a new class of mobile 
vulnerabilities that the young hacker, who goes by "CyFi," reported last 
year to AT&T. After getting bored with her progress in one of her 
favorite mobile app games, CyFi discovered a so-called "time-travel" 
flaw in her mobile gaming app that let her move time ahead on the device 
so she could further progress in the game. That meant she didn't have to 
wait for things to happen in the game, for example. These bugs affect 
any app on any mobile tablet and smartphone operating system platform.

AT&T helped CyFi notify all of the affected mobile app developers last 
year, but only a few have actually fixed the bug. DefCon Kids plans to 
run the hacking contest until most of the app developers finally fix the 
problem, which could be for some time given that most mobile app 
developers are not yet security-savvy. The first-place winner gets a new 
iPad and $1,000, and during the conference CyFi will name the apps that 
still contain the vulnerability -- details she has kept under wraps 
until now.

DefCon Kids, which launched last year for kids to learn about white-hat 
hacking during the grown-ups' DefCon conference, is featuring some 
big-name speakers again this year. Among its headliners are 
science-fiction author Cory Doctorow, hardware hacker (and DefCon badge 
creator) Joe Grand, Electronic Frontier Foundation lawyer Marcia 
Hoffman, and Wired editor-in-chief Chris Anderson. Aside from AT&T, 
other partners in the July 27 to 29 event at the Rio Hotel & Casino 
include the National Security Agency (NSA), the Defense Department, 
AllClear ID, HacKid, Max Kelly, and the EFF.

[...]


--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill
Received on Tue Jul 17 2012 - 03:23:51 PDT

This archive was generated by hypermail 2.2.0 : Tue Jul 17 2012 - 04:03:52 PDT