Posted October 27, 2015
Is ApplePay vulnerable to an iHack?
MarketWatch.com - September 9th 2014
By Priya Anand
Criminals could also taint NFC tags, which are basically smart barcodes that can transfer information to another device, similar to QR codes. Users who scan them could be taken to a malicious URL that makes the phone do unintended things, like buy an app or make in-app purchases, and jailbroken iPhones face the risk of malware, says CEO of Aries Security Brian Markus. Aries sponsors a security awareness group called Wall of Sheep, which has studied NFC risks. People who leave bluetooth and Wi-Fi on by default already subject themselves to attacks from nearby hackers who intercept public networks. NFC transmissions are just “another coal on the fire,” Markus says.
Wall Of Sheep Hacker Group Exposes NFC's Risks At Def Con 2013
Forbes.com - Aug 8th 2013
By Michael Venables
I spoke directly with the awesome guys behind the Wall of Sheep hacker group, whose motto is, “Security Awareness For the Flock.” Their mission is that of the hacker. The good kind that is. It’s about showing the world what hacking does “outside the box” to liberate technology so it can perform outside the confines of it’s original purpose. We talked about the groundbreaking results of their NFC Security Awareness Project. Wall of Sheep showed me a demo of the NFC hack they have developed that exposes a major security risk for users of this smart technology. According to the Wall of Sheep security experts I spoke with at Def Con 2013, the “potential risk comes from someone with malicious intent creating or replacing an existing NFC tag with infected content. Malicious intent can vary from collecting unauthorized information about the device to changing the device settings to delivering malicious software to the device for remote access.”
Def Con, Day Two: Def Con Is for Winners
vice.com Aug - 5th 2013
"Wall of Sheep is a perennial favorite, proudly displaying the unsuspecting schmucks who are blissfully unaware of the passwords they are parading in front of thousands of hackers"
Has DefCon gone soft, or are the real hackers in hiding? I have a theory …
digitaltrends.com - Aug 4th 2013
By Mr. Worst Case Scenario
"Seriously. I have not witnessed one real hack here at DefCon. Oh, sure, there are a bunch of controlled hacking contests. And we all know that some idiots have tried to join the public Wi-Fi, only to find their name and login credentials plastered on the Wall of Sheep. "
Hack the mini bar, spot the feds, DEF CON is back
TheConversation.com - Aug 1st 2013
By Marco Cova
Another classic sight is the “Wall of Sheep”, a projection of the usernames and passwords that have been harvested from unencrypted network connections: people stop by to verify they are not on the wall (and breathe a sigh of relief) or to make fun of friends that should have known better.
NSA And Aaron Swartz Hot Topics At Hacking Conferences
hearandnow.wbur.org - Aug 1st 2013
By Jeremy Hobson
"You go Def Con, and there's the Wall of Sheep where..."
Calling All IT Security Professionals: How to Stay Secure at BlackHat and DEFCON
Infosecurity-magazine.com Jul 24 2013
Jeff Debrosse, director of security research at Websense Security Labs, has produced a series of tips to protect attendees from being hacked before and during Black Hat and DEFCON, and most importantly, from being shamed on the 'Wall of Sheep'.
Feds put heat on Web firms for master encryption keys
By Declan McCullagh
"Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago."
DEF CON: The event that scares hackers
By John D. Sutter, CNN
"You're on the most hostile network in the world. If you can perform business here, you can do it anywhere," said Brian Markus, referring to the public Wi-Fi network at DEF CON, which veterans know to steer clear of.
DefCon Welcomes Kids: Hacking Fun for Everyone
By Richard Adhikari
Cybersecurity professionals CedoxX, Riverside and FS ran the Wall of Sheep workshop. The guiding principle behind the Wall of Sheep, founded by Riverside and CedoxX more than 10 years ago, is being cruel to be kind.
DefCon: Hacker Conference Exposes Lax Security Of Companies, Other Hackers
By Gerald Smith
Brian Markus, chief executive of Aries Security, said his company runs the "Wall of Sheep" to teach a lesson on Internet security. He compared using unsecured networks to the free-love ethic of the 1960s and 1970s when many people had unprotected sex. "Today, everybody is connected and they need to go out and get protection because the environment has changed," Markus said.
DEF CON 19: Hide Your Passwords. Hide Your Laptop. Hide Your Phone. They.re Hacking Er.body Out Here
Being the paranoid person that I am (as detailed in my prior post), upon seeing the .Wall of Sheep,. my eyes widened in terror. In a small, dark conference room sat approximately 10-15 computers (my estimation may be off, because I was paralyzed with fear at the time) with people fiercely typing away. A large flat screen displayed a simple scoreboard of usernames and IP addresses of the .sheep..
Photos show the cultural difference between Black Hat and Defcon hacker events
By Dean Takahashi
Defcon: Gulp. Don.t get caught on the Wall of Sheep. That is the wall where the names of users, their partial passwords, and devices are listed...
InfoSec Daily Podcast Episode 447 for August 9, 2011.
by Rick Hayes, Karthik Rangarajan, b0n3z, and Varun Sharma
So, how does one avoid the "Wall of Sheep"? Markus suggests scrambling your Internet connection.
Wireless Awareness: Don't Be A Sheep
By Brian Krebs
iPhones and other mobile devices with wireless access were among the top contributors to this year's "Wall of Sheep," a public shaming exercise debuting at the Black Hat security conference in Las Vegas this week that aims to educate people about the dangers of sending e-mail and other online communications over open wireless networks.
Defcon's Wall Of Sheep Eats IPhones For Breakfast, Lunch And Dinner
By Humphrey Cheung
The Wall of Sheep team has 10 core people and approximately two to three times as many "floaters", curious people who drop in to help out. Using open source tools like ettercap, Wireshark and the BackTrack distribution, the team sniffs network traffic and posts login information (partially obscured) on a projector for all to see. Team members told us that many new volunteers often start laughing and "cracking up" when they capture their first passwords. "They think we're running complicated tools, but it's really easy," team member "Cedox" told us.
Feds at DefCon Alarmed After RFIDs Scanned
By Kim Zetter
Each year the Wall of Sheep volunteers sniff DefCon's wireless network for unencrypted passwords and other data attendees send in the clear and project the IP addresses, login names and truncated versions of the passwords onto a conference wall to raise awareness about information security.
This year they planned to add data collected from the RFID reader and camera (below) - to raise awareness about a privacy threat that's becoming increasingly prevalent as RFID chips are embedded into credit cards, employee access cards, state driver's licenses, passports and other documents.
Wall of Sheep comes to Black Hat
By Robert Vamosi
For years, a group called Wall of Sheep has been showing attendees of Defcon when their network connections are insecure. The Wall of Sheep board has been a fixture at Defcon, Black Hat's sister conference set to begin tomorrow at the Riviera Hotel and Casino. The board displays the names (with some identifying information obscured) of those connecting to the Internet in insecure ways. The idea is both meant to shame and educate users on best practices.
Wall of Sheep: Coming to Your Company?
By Robert McMillan
Last month, Markus and three of his fellow volunteers incorporated a company called Aries Security, which they bill as an education and security awareness consultancy that can come in and identify risky behavior on corporate networks.
DEFCON 2007 - Wall of Sheep
By George Ou
It's time to count sheep again and I don't mean the ones in your sleep. I'm talking about the ones on the Wi-Fi Hotspot that are using insecure protocols and getting their online accounts compromised. What you're looking at below is the DEFCON 15 Wall of Sheep.
What do I mean by compromised? Usually that means username and passwords are being transmitted in the clear for anyone to see or it means your account can be hijacked such that an attacker can get in to your account anytime they want after they copy your online Web session. In the above screen shot, a VERY large number of Gmail accounts that failed to use secure HTTPS (https://mail.google.com) were hijacked. This is despite the fact that they logged in using HTTPS because Gmail by default automatically kicks you back in to HTTP mode.
DEFCON's Wall of Sheep
by Barrett Canon
If there is one thing more humiliating to a hacker than getting owned, it is having your misstep (along with your login credentials) put on display for thousands of your peers to see. Above is the poster set up near the DEFCON Wall of Sheep HQ. I'd post a picture of the actual wall, but the cartoon of a sheep getting "owned" by a wolf makes things a little NSFW.
Wall of Sheep at DEFCON illustrates what not to do
By George Ou
At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn't be using.
User's passwords caught and posted on Wall of Sheep.
Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn't on the wall.
by Humphrey Cheung on 2007-08-07
“Oh look, I got a MySpace.” While other attendees at the Defcon security convention were soaking in the atmosphere, a dedicated group of hackers were soaking in their data. By sniffing both wired and wireless traffic, the group finds user names, passwords and yes even MySpace profile pages and then posts the information on the convention’s famous “Wall of Sheep”. Sure it’s embarrassing if you’re the one being caught, but in this group considers it tough love.
By Dave Lewis on 2007-08-05
One of my favourite parts of Defcon. It took them the better part of the first day to get the screen up and running but, when they did the laughter began. One interesting side was the capture of Gmail accounts on the wire. Gmail encrypts the initial login…but not the cookies. At least one victim found out the hard way.
By Brian Shearer on 2006-08-10
The Wall of Sheep is featured in the comic "Memory Leak."
By Brian Krebs on 2006-08-04
Already, there are dozens of names on the "Wall of Sheep," a running tally of the unsuspecting or foolhardy souls who venture to log in to various unencrypted Web sites over the hotel's wired, wireless or Bluetooth networks. As of 3 p.m. PT Friday I spotted at least five Myspace.com user-account credentials on the wall, as well as user name and password info for someone at networking giant Cisco and another at a Hawaii state government Web site. At the rate the sheep are piling up this year, we are likely to see more than 100 victims listed on the wall.
By George Ou on 2006-08-04
At DEFCON 2006 in Las Vegas, a few "lucky" attendees "volunteered" to be real life examples what clear text authentication protocols you shouldn’t be using. Because most of the common web technologies used in the world are still using clear text authentication, hackers at DEFCON illustrate why this is such a bad idea. Every year at DEFCON when one would think that attendees should know better, the Wall of Sheep is populated with careless users. I actually stopped by because of my paranoia and breathed a sigh of relief when I verified that I wasn’t on the wall.
By Newbury Networks on 2005-08-03
A team from Newbury Networks worked with the [Wall of Sheep], an independent group of security professionals who run the venerated "Wall of Sheep" project which finds and publicly identifies users who expose their identity via unsecured connections. Newbury was tasked with supplementing the "Wall of Sheep" by locating WiFi devices, identifying unsecured activity, and detecting wireless attacks. Newbury created a floor plan of the conference space and mapped the hall's "RF fingerprint" to allow for pinpoint identification of wireless devices' location. Newbury projected a large wall display, providing attendees a real-time "air-traffic control" view of wireless activity using Newbury Network's award-winning WiFi Watchdog.
By Greg Sandoval on 2005-08-01
To make their point, they pilfered Internet passwords from convention attendees. Anyone naive enough to access the Internet through the hotel's unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen. It was dubbed the "The Wall of Sheep."
By Phillip Torrone on 2005-07-31
At DEFCON there's a wall with a projection of username and passwords (some of the password that is). When you use any wireless here, it's safe to assume that all the packets are being captured and if you're foolish, you logged in to webmail, pop, AIM, etc...DEFCON is reality concentrated in to one spot- when you see your friend's password on the wall, and a big sheep go by, it's a clever reminder.
By Charlie Demerjian on 2005-07-30
One of the highlights of Defcon 13 is the Wall of Sheep. This large projection of stupid people is hard to miss if you are in the chill out room, and it is a lot of fun. What they do is post usernames and enough of a password for the terminally stupid to realise that they are serious, but not enough to give it all away. The sheer number of them at a place where people should know better is really frightening.