Interaction between Security and Hierarchies

You all know hierarchies. You use them, you work within them and you are probably part of one. This is also true for IT staffers or even freelancers dealing with security issues. Usually there is a team/project leader, a CEO, a CIO and all kinds of specialists from other departments (if the company or organisation is bigger). While the „chain of command“ may not be important during daily routine, it is tremendously critical when incidents happen or when the infrastructure is prepared against compromise. More often than not security-aware admins and developers experience the „override by pointy haired boss“ effect. Checks and balances are great, the budget might confirm this, but once you deviate from routine there’s the nasty blame game. That’s when hierarchies turn to bite you in the back.

Time spent on designing proper hierarchies is time well spent. There are plenty of stories around where the right people had the right idea, but they were overridden. Some of them also took the blame for being overruled. If you are ever going to be in a position where security is part of the job description, you absolutely have to make sure that your voice carries sufficient weight. Any recommendation and decision affecting security must be properly documented and every objection must be recorded as well. Sometimes the security officer is just a job to take the blame without any power to influence infrastructure or procedures. If you ever end up in such a position, our advice is to quit as soon as possible.

How do you get around hierarchies to boost security? Well, it depends on your situation. You can either rearrange positions, design everything right from scratch, or use temporary exceptions. The latter strategy is used in the military when units take over guard duty. Guards are usually soldiers from regular units. These soldiers belong to a unit and have their own commanders. This is undesirable for guard duty, because the task of guarding a facility has its own structure, commanders and groups attached to it. If you draw guards from regular units, they end up belonging to two different hierarchies which have different goals. The solution is a temporary change of the chain of command (the German term for this is „Vergatterung“, stemming from the German word Gatter for gate). During guard duty all guard soldiers only report to a specific selection of officers commanding the guard. All other superiors have no command over the soldiers. In turn guard soldiers obtain the privileges to execute tasks connected to their guard duty (including elevated privileges to issue commands to others). This mechanism allows the guards to do their job.

So if you are part of the IT staff or if you are an external consultant always look out for hierarchies. Make sure your opinion carries meaning. If you are responsible for security, make sure you have the authority to influence decisions or to veto them. If you get the position or the contract without the necessary privileges, then chances are that someone is just trying to outsource the blame. Don’t fall for this trick! Politely phrased this trick is social engineering, plainly stated someone is lying to you. That’s no basis for security measures.

DeepINTEL: Security Intelligence Event in Late Summer 2012

We are currently finalizing our new event in Summer 2012, focusing on Security Intelligence. Security Intelligence is one of the newest disciplines in the IT security zoo and not yet fully defined (e.g. there is no Wikipedia article or rich bibliography of works dealing with the topic).

We have been monitoring the Security Intelligence scene now for more than 3 years and found many different approaches, ranging from standard security advisories and alerts to deep insight into the current threat landscape. While some organizations (mostly network equipment vendors) seem to view Security Intelligence just as a new buzz-word for marketing others do a more thorough job:

Especially software and anti-virus vendors like Microsoft, McAfee, IBM, Symantec and some ISPs like Verizon and AT&T provide valuable intelligence to the community. Also voluntary groups, free-of-charge spin-offs from consulting companies and open source projects contribute to Security Intelligence like shadowserver.org, Team Cymru, SANS Institute with DShield and many others. And there are of course many professional consulting companies which provide their services and products to commercial customers like iDefense (now part of Verisign/Symantec), Damballa, Q1 Labs (now part of IBM) and others.

The latter is what we are looking at: robust and thorough information about the current threat landscape to improve our security strategies and align our countermeasures efficiently with the actual risk – without over-doing it and without neglecting the minimum required effort.

After a long time of preparation, collecting background information and talking to many of our friends, supporters and conference guests we are now confident that our format will meet the requirements of a high-end Security Intelligence event. We want to provide an environment where information can be freely exchanged between cooperating and trusted dialogue partners in a secure setting. To achieve this we have a completely new format, which can be best described as a “conclave congress”.

The main characteristics will be:

  • Single track, two day event: stay focused, no missing of a talk in the other track.
  • Outside of Vienna: we have currently identified a few venues like a castle south of Vienna, a manor house near Salzburg or something like that, again to stay focused for two days without the temptation of a big city.
  • Limited and controlled enrollment on an invitation/recommendation basis. We want to present sensitive information which requires a more restrictive policy compared to our DeepSec conference.
  • No video recordings of the presentations for the same reasons as above. Presentations will be provided by the speakers on their own discretion but not published like the DeepSec talks.
  • Limited seats, we currently look at 50 participants plus speakers as a maximum.
  • Target audience: public and national CERTs, government organizations, respected academic researchers, critical infrastructure and the finance sector, as well as recommended participants from one of the mentioned organizations.
  • All-inclusive event, covering conference fee, accommodation and all meals and beverages (non-alcoholic).
  • All the venues we have in mind will offer a very reasonable on-top charge if you want to bring your significant other and we will organize a side-program and excursions into the vicinity of the venue.

The details, our CfP, dates and venue will be published in the next one or two weeks.

In the meantime please give it a thought whether you can contribute as a speaker or if you can reserve two days in the last week of August or the first week of September 2012.

Please give us your feedback via (encrypted) e-mail: deepsec@deepsec.net (or by posting blog comments) concerning anything about Security Intelligence, our event format or anything we might have forgotten. Security events are all about collaboration, you know. ☺

DeepSec.net is on Strike!

You have probably heard of the Stop Online Piracy Act (SOPA) and its chilling effects on the Internet and all its users. „The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement.“ (quote taken from the Wikipedia article) SOPA is a major security risk, for it advocates changing the DNS zones for specific domains. Blocking would be done by DNS, so the bill compromises the Internet’s infrastructure. Speaking from the view of security researchers we would like to quote the white paper written by Steve Crocker and Dan Kaminsky:

From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable. Users running secure applications have a need to distinguish between policy-based failures and failures caused, for example, by the presence of an attack or a hostile network, or else downgrade attacks would likely be prolific.

SOPA has many more disadvantages and should never be passed. Basically SOPA is Internet censorship and can be used/abused to take down arbitrary content, for example information about security vulnerabilities (which has happened in the past with the DMCA and still continues to happen). This is why the main DeepSec.net web site takes part in the strike against SOPA. Let’s hope we won’t need to shut down our web sites for the real SOPA.

If you are worried about our digital future, please consider joining the protests.

Intelligent Security and DeepSec Events in 2012

After the Christmas break we are back and continue to plan DeepSec events for 2012. Judging from the news on Twitter and the web there’s ample demand to look behind the scenes and to question „well-established facts“ or myths. We could have skipped vacation and kept on blogging throughout Christmas and New Year’s Eve. There was the Stratfor hack, Anonymous activity, rumours about back doors in operating systems, leaked anti-virus source code and hacking military networks. 2012 starts right where 2011 left off. And we haven’t even watched most of the 28C3 videos!

So we will have two major DeepSec events in 2012. There’s the DeepSec 2012 in November (we’re currently fixing the exact date) and there will be a second event in Summer. More details follow in the course of next week when everyone’s back at the helm.

Water Plants, Cyberwar, and Scenario Fulfillment

While we refuse to add a Cyberwar category to this blog, we want to explore this shady topic with a story. Do you recall the water plant hack a few weeks ago? According to news floating around on the Internet, a US water plant in Illinois suffered a security breach together with a failed water pump. Apparently attackers took the pump out by applying a well-tried IT technique called „Have you tried to turn it off and on again?“. So in theory this is a full-scale Cyberwar incident that puts all of our infrastructure at risk – plus you can add the magical acronym SCADA when talking about it, thus lowering the room temperature a few degrees and imposing the well-tried fear and awe effect on your audience.

While industrial control systems remain a part of the infrastructure that can be attacked with or without being networked, the water plant hack has turned out to be lacking some facts. So what has happened? Why did the incident change from being an attack to becoming a slightly confused story about a defective piece of hardware? Well, have you ever heard of scenario fulfillment? The term was used in reports about the Iran Air Flight 655 incident where the Aegis guided missile cruiser USS Vincennes shot down a civilian jet airliner over the Strait of Hormuz. The crew of the cruiser assumed it was under attack by an approaching F-14 fighter jet. A review of the incident led to a psychological explanation published in a BBC documentary.

When questioned in a 2000 BBC documentary, the U.S. government stated in a written answer that they believed the incident may have been caused by a simultaneous psychological condition amongst the 18 bridge crew of the Vincennes called ‘scenario fulfillment’, which is said to occur when persons are under pressure. In such a situation, the men will carry out a training scenario, believing it to be reality while ignoring sensory information that contradicts the scenario. In the case of this incident, the scenario was an attack by a lone military aircraft.

What are the implications if you combine wisdom from the 1980s with the Internet, new military doctrines and scenes from the film War Games? Let’s hope we’re not in for a decade of speculation, packet firing squads and unbridled and irrational fear about the threat of cyber war. Make sure you remember to look for facts, especially when dealing with security and incidents.

Side note: Actually there is a tool for the protection of water plants, and it’s called Crypto. If you manage to sneak this tool into a talk and base your presentation on it, then our CfP team might just accept you for DeepSec 2012 without asking any questions.

DeepSec 2011 – Video Interviews

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about security in the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions. Watch the video and listen to the interview.

Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network.

Fernando Gont, who conducted the „IPv6 Security“ workshop at DeepSec 2011, talks about the growing importance of IPv6 and the state of security in IPv6 networks.

We will update this posting and include new video interviews as soon as they are published.


DeepSec 2011 Conference Network Observations

All of you who attended DeepSec 2011 know that we had a Wall of Sheep at the conference. We set it up by copying packets via the Netfilter TEE target from the router to the Wall of Sheep box (note to self: never ever mirror broadcast or multicast packets). We only displayed logins and the number of characters of the password; all data was processed and stored in RAM. The display was only accessible from the conference network. On the first day of the conference we did not announce the Wall, we only encouraged everyone to use secure protocols and not to use services that send sensitive data unprotected. We even set up posters and flyers warning about using the conference network (the reason being other events taking place at the venue in parallel). We got about 80 hits. We talked to the people we could identify by login and told them. On the second day we announced that there is a Wall of Sheep and published the URL locally. Then we got about 20-30 hits. So, what have we seen?

  • Even security-aware persons can overlook a simple check-box or an auto-login using insecure protocols by default (using the wrong ports for IRC on Freenode for example).
  • Some users use services that offer SSL/TLS with self-signed certificates and turn SSL/TLS off because of the annoying warning dialogs. No fault of the users, everyone tries to get rid of pop-up windows.
  • Recommending the use of protected communication is less effective than publicly displaying logins. People only believe it when they see it. No news here for anyone involved in the full/responsible/no disclosure discussions.
  • You cannot expect Zen mastery of encrypted protocols from end-users. Few are even aware of the tools they can use and the configuration they have to select. In addition not everyone uses VPN tunnels or other means of encrypting data over the „first mile“.
  • If you want to help the sheep, then you have to prepare easy-to-understand and easy-to-implement workarounds or configuration descriptions. Ridiculing someone or simply saying „Then just turn on encryption!“ doesn’t help.
  • If you develop an application and design network communication, make sure you do not shift the burden of securing the transmissions to the system administrator or end user. No one likes jumping through hoops. Make it easy to use.
  • If you offer a service, please offer protection for data in transit as well. Some entries on the Wall were due to servers not offering any kind of in-transit protection.
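To make the display policy described above concrete (show the login, show only the character count of the password, keep everything in memory), here is an added illustration of that part of a Wall of Sheep; it is not the DeepSec team's own tooling. It looks for FTP USER/PASS pairs and HTTP Basic authentication headers in payloads, which are constructed sample data here, not captured traffic. The protocol tags, the `SheepEntry` record and the sample hosts are all assumptions for the example.

```python
# Added illustration of a privacy-preserving "Wall of Sheep" display.
# Not DeepSec's own tooling; the captured payloads below are constructed.
import base64
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SheepEntry:
    protocol: str
    login: str
    password_chars: int  # only the length is kept, never the password itself


# FTP control channel: "USER name" followed by "PASS secret" on one connection
FTP_USER = re.compile(r"^USER (\S+)\r?$", re.M)
FTP_PASS = re.compile(r"^PASS (\S+)\r?$", re.M)
# HTTP Basic authentication header carrying base64("login:password")
HTTP_BASIC = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\r?$", re.M | re.I)


def extract_entries(protocol, payload):
    """Return SheepEntry objects for cleartext logins found in one payload."""
    entries = []
    if protocol == "ftp":
        for login, password in zip(FTP_USER.findall(payload), FTP_PASS.findall(payload)):
            entries.append(SheepEntry("ftp", login, len(password)))
    elif protocol == "http":
        for token in HTTP_BASIC.findall(payload):
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # malformed header, nothing worth displaying
            login, sep, password = decoded.partition(":")
            if sep:
                entries.append(SheepEntry("http-basic", login, len(password)))
    return entries


def build_wall(captured):
    """Aggregate entries in memory; duplicates collapse, nothing is written to disk."""
    wall = set()
    for protocol, payload in captured:
        wall.update(extract_entries(protocol, payload))
    return sorted(wall, key=lambda e: (e.protocol, e.login))


def render_wall(entries):
    """One display line per entry, password shown only as a character count."""
    return [f"{e.protocol:<10} {e.login:<16} password: {e.password_chars} characters"
            for e in entries]


# Constructed sample payloads (protocol tag, TCP payload) standing in for
# packets copied from the router. Hosts and credentials are invented.
SAMPLE_CAPTURE = [
    ("ftp", "220 ftp.example.test ready\r\nUSER alice\r\n331 Password required\r\n"
            "PASS hunter22\r\n230 Logged in\r\n"),
    ("http", "GET /webmail HTTP/1.1\r\nHost: mail.example.test\r\n"
             "Authorization: Basic Ym9iOmxldG1laW4=\r\n\r\n"),
    ("http", "GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for line in render_wall(build_wall(SAMPLE_CAPTURE)):
        print(line)
```

Running the block prints two lines, one for the FTP login and one for the HTTP Basic login, each with the password reduced to its length. A real deployment would feed it reassembled TCP streams rather than single payloads, but the data-handling rule stays the same: the secret never leaves the extraction function.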

Our router also recorded 3,645,892 netflows during the 4 days of DeepSec (flow records only contained timestamps, ports, packets, bytes and duration, no addresses). This includes some of the broadcast and multicast packets that got amplified by the Wall of Sheep, so we had some very busy Intertubes at DeepSec 2011. Probably because of the cat videos.

Articles about DeepSec 2011

We have some more articles for you. Apparently the talks of our speakers raised a few eyebrows. Most of the articles are in German.

Tomorrow MiKa and I will be guests of the radio show hackerspaces | signal at the studio of Radio Orange. We will have a chat about DeepSec 2011, the impact of security on military, politics and society, and how everything’s connected to hackerspaces. The recording will be online on Radio Orange’s web site.

Update: Golem.de has published the interview with Sharon Conheady about social engineering.

DeepSec 2011 – Post-Con Party at the Metalab

Since DeepSec 2011 has ended and we still want to have a chat with you, let’s meet at the party! It takes place at the Metalab, a local hacker space next to the town hall. We have music, we have stuff to drink, we got access to the Intertubes, we got lots of nice people, and even more reasons to have some fun! Don’t miss it!

Entrance to the Metalab.

This is where you get in.

Thanks for attending DeepSec 2011!

The DeepSec 2011 has ended. We enjoyed meeting all of you and hope to have fulfilled our role as a catalyst. We had some great talks, great discussions, and shared thoughts, insights and different views concerning security and insecurity alike. We hope your professional paranoia doesn’t keep you from getting sleep.

We will follow the press coverage in our blog and link to articles. Golem has produced video interviews which will be published soon. Our own video team will retreat to the rendering farm and post-process the raw video data. As soon as we have collected all slides from our speakers, we will put them to the archive (and publish the link).

We thank all the speakers for the superb material they presented! Without talks there would be no DeepSec at all.

We thank our sponsors Google, RIM, McAfee, Microsoft, SEC Consult, and FH Hagenberg.

We thank all participants for attending, and we thank all our staff for running DeepSec 2011 as smooth as possible: Thanks kyrah, Ralf, Grisu, Albert, astera, Neodym, Oggi, Phileas, Fx, Daniel, Lukas, Christian, Eva, Dominik, red, naxx, x4lt; a very special thank you goes to Manuela (a.k.a. RegDesk) for keeping the herd of cats together and organising speaker arrival, accommodation and interview together with our PR agency.

Thanks and see you in 2012!

First Press Coverage of DeepSec 2011

The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for them. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available).

There’s more to come. First impressions from our on-site photographer can be found on his noteblog.


Talk: Advances in IDS and Suricata

Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than you will ever be able to process sensibly. This is the mindset that settles in once people hear „IDS“ or „IPS“. We don’t think this view is still true. That’s why Victor Julien and Eric Leblond, Open Information Security Foundation, will talk about Advances in IDS and Suricata at DeepSec 2011.

You have probably heard of Suricata, the next generation intrusion detection engine. Development of Suricata started in 2008 and it was first released as stable in December 2009. Past DeepSec conferences featured talks with feedback sessions where the developers asked for features wanted by the security community. Despite rumours Suricata is not a rewrite of Snort. While Suricata can parse Snort rule configurations, you have additional features that you can deploy. Hardware acceleration is in the pipeline, and Victor and Eric will focus on SSL/TLS parsers and keywords and HTTP file carving. Both SSL/TLS and HTTP are widespread. Nearly every security administrator has to deal with these protocols and their data transmissions. Naturally inspection of flows containing SSL/TLS and HTTP is at the top of the list of requirements (or at least at the top when writing wish lists to Santa Claus).
Both Victor and Eric are active developers within the Suricata project, so you get information about this IDS tool first hand.

This talk is important for anyone wishing to improve their radar and maybe even chase APTs or other covert and not-so-covert network activity.

Conference Network Survival Guide for DeepSec 2011

For all of you who frequently visit „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with public Internet access (the CCC has a more complete list on their event web site).

  • Secure your operating system (vendor and type doesn’t matter).
  • Backup your data.
  • Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology).
  • Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN tunnel. Secure Shell (SSH), OpenVPN™, IPsec and other tools provide such a tunnel.
  • Use protocols secured by encryption (all things SSL/TLS for example). Tell your browser to do so by installing HTTPS Everywhere prior to connecting to the event network. If you have trouble enforcing secure protocols, use an encrypted tunnel to a trusted site for transport.
  • When using HTTPS and other SSL/TLS protocols, don’t ignore security warnings! Fake certificates are all the fashion these days.

The conference wireless network at DeepSec 2011 will be an open network without any encryption. This means that we won’t configure WEP, WPA or WPA2 on our access points (only for maximum interoperability, of course). Passive attacks are always possible in such an environment. If you are not sure whether your data transmissions are secured, we will provide an online tool for helping you secure your network traffic. Some of our staff might be of assistance, otherwise talk to the people around you. That’s why you are at a security conference. ☺

We do not condone any abusive or intrusive behaviour, but we do not have the means to enforce a policy. The Internet access at the conference is for everyone. Use it wisely and encrypt everything. Don’t be a sheep! We will announce known infrastructure devices with their MAC addresses on our Twitter feed for reference and to help detect „person/device in the middle“ attacks.
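The announced MAC addresses are only useful if you actually compare them with what your machine sees. The following added example (not a DeepSec tool) shows one way to do that on a Linux client: parse the output of `ip neigh show` and flag two things, a gateway whose MAC differs from the announced one, and one MAC claimed by several addresses of the same family. The announced table and the neighbour output are constructed samples; a dual-stack router legitimately shares one MAC between its IPv4 and IPv6 addresses, which is why the shared-MAC check is done per address family.

```python
# Added illustration: compare the local neighbour table with the gateway MAC
# addresses announced by the organisers. Not DeepSec's tool; the announced
# addresses and the `ip neigh show` output below are constructed.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Neighbor:
    ip: str
    dev: str
    mac: str
    state: str


# Constructed stand-in for the announced list (IP address -> MAC address).
ANNOUNCED = {
    "10.0.0.1": "00:11:22:33:44:55",
    "fe80::1": "00:11:22:33:44:55",
}

# Constructed output of `ip neigh show` on a client in the conference network.
# The gateway's IPv4 entry points at a MAC that is also used by 10.0.0.42.
SAMPLE_NEIGH = """\
10.0.0.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
10.0.0.42 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
10.0.0.7 dev wlan0 lladdr de:ad:be:ef:00:07 REACHABLE
fe80::1 dev wlan0 lladdr 00:11:22:33:44:55 router REACHABLE
10.0.0.99 dev wlan0  FAILED
"""


def parse_neigh(text):
    """Parse `ip neigh show` lines; entries without a MAC (FAILED etc.) are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue
        ip = tokens[0].split("%")[0]  # drop a zone suffix if one is present
        dev = tokens[tokens.index("dev") + 1] if "dev" in tokens else "?"
        mac = tokens[tokens.index("lladdr") + 1].lower()
        entries.append(Neighbor(ip, dev, mac, tokens[-1]))
    return entries


def check_neighbors(entries, announced):
    """Return findings as tuples; an empty list means nothing looked odd."""
    findings = []
    by_mac = {}
    for n in entries:
        expected = announced.get(n.ip)
        if expected is not None and expected.lower() != n.mac:
            findings.append(("mismatch", n.ip, expected.lower(), n.mac))
        family = ipaddress.ip_address(n.ip).version
        by_mac.setdefault((family, n.mac), []).append(n.ip)
    # Several addresses of one family behind one MAC is worth a second look
    # (spoofing, or simply a host with several addresses); v4/v6 pairs are normal.
    for (family, mac), ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    for finding in check_neighbors(parse_neigh(SAMPLE_NEIGH), ANNOUNCED):
        print(finding)
```

On a live system you would replace `SAMPLE_NEIGH` with the output of `ip neigh show` and `ANNOUNCED` with the values from the feed; a mismatch for the gateway is the signal to stop trusting the link until you have checked it with the staff.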

Talk: On Cyber-Peace – Towards an International Cyber Defense Strategy

While the UK is preparing for war we’ll try something completely different at DeepSec 2011. We will talk about peace („cyber-peace“ to be exact). The ill-defined term cyber-war has been haunting media, security communities, politics and the military for a while now. We already had talks about this at past DeepSec conferences. Cybersecurity is currently a big hype even in mainstream media like the Frankfurter Allgemeine Zeitung, The Guardian or The New Yorker. Exploits and vulnerabilities like Stuxnet or the German Trojan rootkit for lawful interception are discussed in prime time news. Hackers like the Chaos Computer Club offer technical advice to the German Parliament and the highest court, the Federal Constitutional Court. Due to the constant work of security experts, researchers and hackers (including some really cool media fnords and stints), security awareness has been raised to a level which has never been achieved before.

However, the media (and also some „real security experts“) tend to alarmism and panicking, including the rants of a Cyberwar, which is supposed to break out every day (or about now depending on your sources). This does not help to solve the diverse existing security problems. Assessing the facts and dealing with the risks rationally can’t be done when in panic. So Stefan Schumacher, managing director of the Magdeburger Institut für Sicherheitsforschung, will give a short introduction into the most important security problems tied to cyber warfare. He will present some ideas to solve those problems touching technology, psychology and governance, presenting a strategic level of security.

  • Raising security awareness in users, system administrators and programmers/developers
  • Enhancing training and education for IT Security capacity building
  • Enhance IT Security management by software developers, no matter if it is an Open Source Project or a huge company
  • Enhance international cooperation on IT Security
  • Setting and enhancing an international legal framework for IT Security

You see, achieving and maintaining cyber-peace can be as demanding as starting a Cyberwar. Don’t expect to see simple solutions for countering threats hiding in complex infrastructure and interwoven networks and gadgets. If you plan to start a Cyberwar, want to defend against it, or try to completely avoid this kind of warfare (regardless of profession or role), then this talk is for you. All others who might be caught in the middle of a cyber shoot-out should attend as well.

DeepSec 2011: Encryption Techniques of Terrorist Cells, GSM Espionage, Computer Hacking

From 15 to 18 November 2011, the fifth edition of the DeepSec conference will bring together the foremost international specialists in network security and hacking around the theme of IT security. The main topics covered: encryption techniques of terrorist cells, security of mobile communication systems and their users and, finally, security infrastructures for the next digital generation.
“This year again we wanted to address fascinating and controversial topics. The seven workshops and the thirty-four talks of the conference concern, directly or indirectly, a large part of the population,” explains René Pfeiffer, organiser of DeepSec. “That is notably the case for the hacking attempts observed on GSM networks. It is also the case for the security problems encountered with IPv6 (Internet Protocol version 6), a protocol used by more and more companies and organisations that do not always suspect its flaws. We will also look at the encryption of terrorist communications and the way the authorities respond to it. DeepSec aims to be a neutral platform for exchanging ideas and experience between the hacker community, IT and security companies, users, authorities and researchers,” emphasises René Pfeiffer, himself a network security expert.

A very real danger: encryption techniques of terrorist cells, GSM espionage, computer hacking.

In his talk “How Terrorists encrypt”, journalist and computer researcher Duncan Campbell analyses the encryption techniques of modern terrorism since 11 September. What are their tools? Are they secure, effective? He also looks at the decoding methods of Western secret services. Is the adversary overestimated or underestimated? Mistakes repeat themselves, in the terrorist camp as in the Western one, and the consequences are often dramatic.

Everyone uses them, everyone is affected: mobile devices and mobile phones.

Attacks on these devices and GSM espionage will be the subject of several DeepSec talks. GSM network specialists Dieter Spaar and Harald Welte will cover the wide range of flaws and weaknesses of the network in their workshop “Attacks on GSM networks”. One thing is certain: a company’s confidential information should no longer be communicated by mobile phone. In the case of industrial espionage, the potential damage is unforeseeable.

In his workshop “hacking IPv6” Fernando Gont will present the weak points of the new Internet protocol, the possible attacks and how to counter them. Practically every element of the protocol has flaws that hackers can exploit. Live experiments will illustrate the scale of the challenges ahead.

The other topics discussed during the conference will be: Code Review, digital espionage, digital forensics, Incident Response, Malware Research, secure communication, Internet Protocol, operating systems, Patch & Upgrade management, Social engineering, VoIP technology, Web Application Security and mobile technologies.

DeepSec aims to be a neutral platform allowing IT security experts of all backgrounds to exchange ideas and experience. The conference also wishes to combat the widespread prejudice that hackers are necessarily engaged in criminal activities. “On the contrary. For many of them, it is rather about discovering and revealing security flaws in systems. As in other fields, one can only eliminate the risks one knows and has studied,” René Pfeiffer tells us.

Among the DeepSec sponsors are Google, McAfee, Research in Motion (RIM), Microsoft, SEC Consult and the Fachhochschule Hagenberg.

You will find the DeepSec programme here: https://deepsec.net/schedule.html
Further information: https://deepsec.net/
Also visit the DeepSec blog: http://blog.deepsec.net/
