Archive for May, 2011

Security B Sides Vienna auf Radio Netwatcher

May 31, 2011

Wir, Chris John Riley und René Pfeiffer, waren bei Radio Netwatcher zu Gast um etwas über Sicherheit, Datenpannen und die zunehmende Präsenz der eigenen Daten im Internet zu reden. Anlaß waren die Ereignisse der letzten Wochen in Sonys Playstation Netzwerk, bei den Auth Tokens der Facebook Apps sowie bei Googles Android Betriebssystem und vieles mehr. […]

Tags: , , ,
Posted in Veranstaltung Comments Off on Security B Sides Vienna auf Radio Netwatcher

DeepSec Conference Videos

May 27, 2011

Finally we found some time to sort through the video recording legacy of past DeepSec conferences. We’ve been asked for video material repeatedly since we record all talks held at DeepSec (except those where the speaker does not want to be published on video). Let me explain what the state of our video archive is. […]

Tags: ,
Posted in Administrivia, Conference Comments Off on DeepSec Conference Videos

DeepSec 2011 Focus: Security Management and IT Governance

May 23, 2011

Have you lost track of the risks that may or may not impact your security? How good are the facts you base your security decisions on? Does your organisation follow defined procedures in terms of deploying, monitoring or evaluating security measures? Who decides what’s next and what’s being phased out? Is there a way to […]

Tags: ,
Posted in Administrivia, Conference Comments Off on DeepSec 2011 Focus: Security Management and IT Governance

Thoughts about Threats by „Virtual Bombs“

May 22, 2011

The German  Federal Minister of the Interior, Hans-Peter Friedrich, has warned „that it is only a question of time until criminal gangs and terrorists have virtual bombs at their disposal“. While the term „virtual bomb“ is very vague by itself, the minister mentioned „malware“ as well. This is no surprise for security researchers. Malicious software […]

Tags: , ,
Posted in Security Comments Off on Thoughts about Threats by „Virtual Bombs“

Mobile Network Security revisited at the Linuxwochen

May 20, 2011

Tomorrow we will present a review talk about the state of mobile network security. The talk will be held at the Linuxwochen in Eisenstadt. We will address results discussed in the past DeepSec conferences (including work of Karsten Nohl, Harald Welte, David A. Burgess, Sylvain Munaut, Dieter Spaar, Ralph-Philipp Weinmann and others). If you understand […]

Tags: , , , ,
Posted in Veranstaltung Comments Off on Mobile Network Security revisited at the Linuxwochen

Mobile Security and authTokens

May 17, 2011

Recently we mentioned the topic of mobile security in this blog since it keeps being addressed by security researchers. Now there’s something that can be combined by networking, defective by design and mobile security. German security researcher from the University of Ulm have explored a flaw in Google’s ClientLogin protocol. The initial idea stems from […]

Tags: , , , ,
Posted in Security Comments Off on Mobile Security and authTokens

DeepSec 2011 Focus: IPv6 and Next Generation Networks

May 13, 2011

Since 3 February 2011 the IPv4 pool is now officially and fully depleted. „Peak IPv4“ was a long time ago. IANA can no longer hand out any IPv4 address space. Everyone who needs more address space will be force to look to IPv6. What about security? Are there any benefits? Has IPv6 eliminated all the […]

Tags: ,
Posted in Administrivia, Conference Comments Off on DeepSec 2011 Focus: IPv6 and Next Generation Networks

Have an app and share your data!

May 11, 2011

Apps are all the fashion. You can download them, and you can add them to web sites (such as your blog) including your favourite social network. Facebook has introduced applications back in 2007. If you want to tie an application to your account, the code needs to have proper credentials in order to connect an […]

Tags: , ,
Posted in Security Comments Off on Have an app and share your data!

Talks held at the Linuxwochen Wien

May 8, 2011

MiKa and me held three talks at the Linuxwochen Wien 2011. The scheduled talks were „VoIP Security“ and „The Wind Chill Factor of Security“. The third talk was a review of the trust models used with X.509 certificates and issued by certificate authorities. The review was a drop-in replacement talk for a speaker who did […]

Tags: , , , , ,
Posted in Security, Veranstaltung Comments Off on Talks held at the Linuxwochen Wien

Article about White and Black Hats in Wiener Zeitung

May 6, 2011

Christoph Rella, a journalist who has been at past DeepSec conferences made telephone interviews with MiKa and me. He explored the difference between White Hats and Black Hats along with the motivations of hackers. He was interested in getting to know the reasons why the stereotype of the nice IT guy turns criminal. We think […]

Tags:
Posted in Press Comments Off on Article about White and Black Hats in Wiener Zeitung

Zu Gast bei Taalk.at: Vorratsdatenspeicherung

May 3, 2011

Michael Kafka war am 29. April 2011 zu Gast bei einer Expertenrunde zum Thema Vorratsdatenspeicherung. Der Hintergrund ist die Speicherung von Verbindungs- und Geodaten bei Kommunikation über Internet, Telefon und andere Netzwerke. Die EU Richtlinie dazu muß in allen Mitgliedsstaaten umgesetzt werden. In Österreich wurde das Gesetz letzte Woche beschlossen und tritt am 1. Januar […]

Posted in Discussion Comments Off on Zu Gast bei Taalk.at: Vorratsdatenspeicherung

DeepSec 2011 Focus: Mobile Computing and Communications

May 2, 2011

Our Call for Papers announcement mentioned seven topics that we are focussing on. We’d like to explain what these topics are all about in a couple of blog postings since it is not easy to squeeze everything into a few lines. We begin with mobile computing and communication. Mobile computing incorporates mobile computing devices such […]

Tags: , ,
Posted in Conference Comments Off on DeepSec 2011 Focus: Mobile Computing and Communications