Disposable mail @ DEF CON 2015 – 10 minute mail

Frans @fransrosen and Fredrik @almroot from the Disposable mail team visited the 23rd annual DEF CON Hacker Conference, as usual hosted in Vegas, at the beginning of August. This year was the big eye opener for car hacking, with the hacking of a Tesla Model S reaching the mainstream media. On the technical side, researcher Fernando Arnaboldi presented some very interesting findings on XSLT and its implications. And of course the team also made sure to have some fun during the visit and will here reveal who threw this year’s best party.

Car hacking is the new black

Car hacking seems to be the new black at DEF CON this year. Even though car hacking did make some headlines back in 2010 and 2011, this was the year it really became the main topic.

DEF CON had organized its own car hacking village with the slogan “Drive it like you hacked it”. For example, it was revealed that hackers had been able to hack two of America’s most commonly used cars: a 2010 Toyota Prius and a 2010 Ford Escape.

Further, it was revealed that Marc Rogers and Kevin Mahaffey had been able to hack the Tesla Model S so that they could unlock, start and stop the car. They did admit that it was “very hard” to hack the Model S, but apparently possible. Tesla was quick to respond to the hack and announced that they would double the maximum reward in their bug bounty program to $10,000 for anyone able to find severe vulnerabilities in the Model S. Both Tesla and the hackers were clear in mentioning that all known vulnerabilities are now patched.

It will be very interesting to follow the development of the car hacking scene and we can be pretty sure that we haven’t seen anything yet.

Best technical research – XSLT for practical attacks & Abusing Adobe Reader’s JavaScript APIs

Fernando Arnaboldi (IOActive) presented interesting security research on XSLT, ranging from information disclosure to arbitrary file access by means of providing XML documents together with XSL.

The findings presented have implications for all major web browsers (Safari, Opera, Chrome, Internet Explorer and Firefox), as well as a range of popular programming languages (Python, Perl, PHP, Java, JavaScript, .NET and C++).

Another interesting piece of research was presented by Brian Gorenc, Abdul-Aziz Hariri & Jasiel Spelman (HP’s Zero Day Initiative) on how the JavaScript APIs work in Adobe Reader. By abusing logical flaws they managed to get remote code execution.

Who threw the best party?

Last but not least, as maybe the most prestigious award, the Disposable mail team names “The best party of DEF CON 2015”. As it should in Vegas, the focus easily slips to the party scene, and the competition is fierce among the companies over who can throw the best party. Based on thorough research by our team, here are the three honorable mentions that made it to the final.

  • IOActive pool party, almost the unofficial DEF CON party, was hosted at the Bally’s hotel. The event was massive and in great spirit even though the beer was not for free.
  • BSides checked its party in at the Tuscany hotel. The event was a classic pool party highlighted with cupcakes, open bar and a great crowd.
  • Facebook hosted its venue at the Surrender nightclub at the Wynn hotel. They flew in the DJs Flosstradamus, served cupcakes (seemed to be a trend this year) and of course had an open bar all night long.

As mentioned there was some stiff competition this year and after some hard discussion the team agreed that Facebook did throw the best party, with BSides as the runner up.

To summarize, DEF CON 2015 had a little bit of everything. We at Disposable mail are very thankful for its existence and how the conference manages to shed some light on the real hacker community and, of course, throw a lot of great parties.

Below you can see some pictures from our team’s experience at DEF CON 2015, see you again next year Vegas!

Defcon Facebook party

Cobalt playing cards

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Disposable mail on tour – meet us at the following events and meetups! – 10 minute mail

Disposable mail is attending/partnering with some of the biggest international tech and security conferences this fall. If you want to schedule a meeting with us in advance, or want to get a hold of us at any of the events, just drop us a note at hello[at]detectify.com or reach us on Twitter.

Photo: Sami Heiskanen (Slush 2014)

Here is the list of events that Disposable mail will participate in. We can’t wait to meet you!

Web Tech Conference 

Disposable mail’s very own security researcher and knowledge advisor Frans Rosén will be presenting at Web Tech Conference in Munich amongst speakers like Ilia Alshanetsky, CTO at Centah Inc. and polyglot developer Armagan Amcalar. Don’t miss Frans’ talk about Common Pitfalls in PHP – The State of PHP Security on October 26, and stop by Disposable mail’s booth in the exhibition area to find out more about our work and what we are up to!

Time and date: Monday, October 26, 2015 – 2:15pm to 3:15pm
Location: Munich, Germany
Twitter: @WebTechCon

Disposable mail and Server Density’s SaaS Security Webinar

Don’t miss Disposable mail and Server Density’s SaaS Security Hangout October 29 – featuring Disposable mail’s knowledge advisor Frans Rosén, CIO Johan Norrman and Server Density CEO David Mytton. There will be plenty of war stories, tried and tested practices, and ample time for questions.

Time and date: October 29, 6:00 PM GMT+1
Location: Google Hangout (sign up now!) 

Web Summit

Web Summit is the largest tech conference in Europe with its 30 000 attendees. Are you attending? If so, make sure to stop by Disposable mail’s stand to say hello and pick up some awesome stickers! Meet Detectify and other handpicked Swedish startups in the main hall exhibition area November 3rd (co-branded Talk to Sweden by Business Sweden).

Time and date: Nov 3-5, 2015
Location: Dublin, Ireland
Twitter: @WebSummitHQ 

Internetdagarna (‘The Internet Days’)

The Internet Days is one of Sweden’s most important meeting places for individuals who work with the internet in various ways. Disposable mail’s Frans Rosén will be speaking on the topic of trusting cloud service providers on Nov 23rd.

Time and date: November 23-24th, 2015, at 3.30 pm
Location: Stockholm, Sweden
Twitter: @internetdagarna 

Slush

Slush is one of the leading startup events in the world. This year thousands of attendees, startups and investors will gather to network, innovate and listen to speakers like Caterina Fake, Co-founder of Flickr & Hunch, Chairman of Etsy.com and Niklas Zennström, Co-founder of Skype & Atomico. And what’s more: Disposable mail’s CEO and Co-founder Rickard Carlsson is invited to participate in a fire side chat on November 12.

Time and date: Thursday November 12th, on Cybersecurity session at Black Stage starting at 9:30
Location: Helsinki, Finland
Twitter: @SlushHQ

Säkerhetsdagen (‘Security Day’)

Säkerhetsdagen (‘Security day’), hosted by Computer Sweden (a part of IDG Sweden), is the must-attend event for security experts in Sweden. Disposable mail’s knowledge advisor Frans Rosén is one of the keynote speakers – don’t miss the opportunity to hear his presentation ‘Inside the head of a whitehat hacker’.

Time and date: February 24, 2016
Location: Stockholm, Sweden

In case you can’t make it to any of the listed events, you’ll still be able to follow our adventures through Twitter, Facebook and the Disposable mail blog. And stay tuned – we are continuously adding more events, meetups and conferences to the Disposable mail roadshow!



Top 3 takeaways from CIO Trend 2016 – 10 minute mail

In an ever-changing world, nothing has a faster pace than IT, and the person in the lead of this change is the CIO. The challenges of the evolving CIO role were among the many topics discussed at CIO Trend 2016, hosted by IDG Sweden, where about 80 CIOs, IT managers and Heads of IT gathered for knowledge exchange and networking. The agenda featured several industry experts and a Startup Panel, where Disposable mail was one of three invited startups to hold a 5 minute pitch for the audience.

These are three of the conclusions I brought back home with me.

Long term plans and short term actions

One of the recurring topics of the day was how to manage teams during today’s transformation. A lot of us are used to working with roadmaps and product visions, but the demand for moving to a more fast paced and agile environment is only getting higher and higher. Johan Hallberg, a researcher at IDC, referred to this as “Managing teams in 3D”.

Analysts claim that 9 out of 10 companies that are rated top 1 within their respective fields today will be replaced by companies established after 2000. One of the key ways to not be surpassed by new startups is to manage to navigate in the mist, and find a way to make decisions that follow both your long term and your short term agenda.

Automation

Everything that can be automated will be automated, and we are already seeing the effects in the IT sector: smaller manual hosting companies are being pushed aside by automated services like AWS and Azure. Developer teams are taking over ops responsibilities as DevOps and NoOps are being implemented. More and more services are being automated and only act and inform on demand.

But automation is not only coming to IT. So-called lights-out factories, where robots are in charge of the entire production chain, are becoming increasingly popular. Fully automated factories that can receive an order, reprogram themselves and automatically start the production are here to stay.

Security is an ever-growing priority

It doesn’t matter if we look at what’s trending, what the biggest challenge is or what CIOs plan to invest in; security will be in the top 3. The need for a holistic view covering IT security has grown by more than 25% since last year according to the latest CIO report from IDG Sweden.

Within today’s IT infrastructure, when more and more data is being migrated to the cloud, the demand to know who has access to what data is an ongoing struggle. Services like Identity as a service (IDaaS) are being accepted.

I know I said three, but to wrap it up I am going to give you a fourth – it’s no longer technology but rather the services that drive which solutions to choose, whether it comes to planning, automation or security.


Author: Johan Norrman, CIO, Disposable mail
Twitter: @johannorrman

 



Inside the head of a white hat hacker – 10 minute mail

Yesterday, Disposable mail’s Knowledge Advisor Frans Rosén gave an inspiring talk about white hat hacking and web security at Computer Sweden’s event Säkerhetsdagen 2016 in Stockholm. His four recommendations to the audience were:

1) Set up a security contact for your company as soon as possible

2) Establish a Responsible Disclosure Policy

3) Work with bug bounties, rewards and feedback to the security researchers that report security issues

4) Automation is a must when it comes to security

Watch his presentation here (in Swedish):
