Imagine buying an allegedly passcode-protected, encrypted secure Micro-SD card. Only to find out that the password protection can trivially be disabled without knowing the password. Meaning that it's probably not really encrypted …

And that a "PRO" version of the same brand coming out has the same problem, the only "advantage" being that you no longer read the password in clear text (but you don't need that anyway).
#Area41
https://www.balda.ch/publications.html

Marina Bochenkova reported about her quest on identifying the origin of hard disks found at a flea market – with real medical data of a lot of people on them. And that the company (or their successor) who sold the disks is changing whenever you start asking questions.

But their interactive voicemail is still accepting messages.
#Area41
https://a41con.ch/

"You need lean identities, restricting the access rights of the agents, as they will be persistent in trying to get things done, finding workarounds." (paraphrased)

Nico Fischbach also talks about that we have a second "COBOL moment": New people will not really know how the existing (soon "legacy") systems work and these skills will become increasingly valuable over time.
#Area41

Nico Fischbach on the past, present and future of IT security.

Know your assets, how to assess at scale, and be able to safely activate changes.
#Area41
https://a41con.ch/

Andreas Wiegenstein gave astonishing insight into how to protect SAP systems agaons #Malware in the code. SAP's ABAP language was definitely not meant for security …

"Attacking SAP through the supply chain"
#Area41

Thibaut Passilly gave excellent insight into the #Ransomware cartel #DragonForce operations, including their use of fake video calls to exfiltrate data.

"DragonForce: the cartel makes a TURN in Ransomware Capabilities"
#Area41
https://www.security.com/threat-intelligence/dragonforce-msteams-backdoor

Raphael Lipp & Pascal Gujer started manipulating a car parked in the room based on security weaknesses in the VW group entertainment system.

A further lesson: There apparently seems to be no correlation between the car types and the MIB hardware/software configuration.

"MIB2: Still Running, Still Vulnerable"
#Area41
https://area41.io

Physical Access Control Systems (e.g. keycard entry systems) are often not really secure. Once, because at least some of the devices are outside of the the building/security parameter. But also the networking security is frequently lacking.

A cool demo with a movie-quality automated hacking UI.

#Area41
"Hands-Free Lockpicking: Opening Doors Like in The Movies" by Werner Schober & Clemens Stockenreitner