http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240003810/at-t-to-sponsor-zero-day-contest-for-kids.html

By Kelly Jackson Higgins
Dark Reading
July 16, 2012

AT&T has joined forces with an 11-year-old hacker -- that's right, 11 -- and DefCon Kids in sponsoring a hacking contest during the second annual conference that runs in conjunction with the adult DefCon later this month in Las Vegas. Whoever finds the most zero-day bugs in mobile apps wins an iPad and $1,000, courtesy of DefCon Kids.

Inspiration for the competition came out of a new class of mobile vulnerabilities that the young hacker, who goes by "CyFi," reported last year to AT&T. After getting bored with her progress in one of her favorite mobile app games, CyFi discovered a so-called "time-travel" flaw in her mobile gaming app that let her move time ahead on the device so she could further progress in the game. That meant she didn't have to wait for things to happen in the game, for example.

These bugs affect any app on any mobile tablet and smartphone operating system platform. AT&T helped CyFi notify all of the affected mobile app developers last year, but only a few have actually fixed the bug. DefCon Kids plans to run the hacking contest until most of the app developers finally fix the problem, which could be for some time given that most mobile app developers are not yet security-savvy.

The first-place winner gets a new iPad and $1,000, and during the conference CyFi will name the apps that still contain the vulnerability -- details she has kept under wraps until now.

DefCon Kids, which launched last year for kids to learn about white-hat hacking during the grown-ups' DefCon conference, is featuring some big-name speakers again this year. Among its headliners are science-fiction author Cory Doctorow, hardware hacker (and DefCon badge creator) Joe Grand, Electronic Frontier Foundation lawyer Marcia Hoffman, and Wired editor-in-chief Chris Anderson.
Aside from AT&T, other partners in the July 27 to 29 event at the Rio Hotel & Casino include the National Security Agency (NSA), the Defense Department, AllClear ID, HacKid, Max Kelly, and the EFF.

[...]

Received on Tue Jul 17 2012 - 03:23:51 PDT