Archive for September, 2011

Talk: Why the Software we use is designed to violate our Privacy

September 29, 2011

Most of us are used to taking advantage of the fruits of the Web 2.0. There is web e-mail, online backups, social networking, blogs, media sharing portals (for audio/video), games, instant messaging and more – available for private and corporate users. A lot of sites offer their services for free (meaning without charging anything), thus […]

Posted in Conference

Workshop: Social Engineering for IT Security Professionals

September 28, 2011

Social Engineering engagements can appear to be easy, especially to someone who already has experience in the Information Security industry. All InfoSec consultants have experienced situations where they’ve been let into a meeting or to perform an onsite engagement without the correct paperwork or permission, and we’ve all heard the stories of successful Social Engineering […]

Posted in Conference

The BEAST SSL Attack and the postponed Digital Apocalypse

September 25, 2011

When it comes to security flaws in SSL/TLS (either in theory or in implementation), a lot of people get very nervous. The past days have been full of media coverage of the BEAST SSL Attack. Since Juliano Rizzo and Thai Duong published their results, the level of speculation has dropped. Let’s replace panic by […]

Posted in Security

Workshop: Web Hacking – Attacks, Exploits and Defence

September 23, 2011

In 2011 we have seen a lot of articles about “cyber” attacks in the media. Judging from the media echo it looks as if a lot of servers were suddenly compromised and exploited for intruding into networks. While attacks usually take advantage of weaknesses in software, servers do not develop vulnerabilities overnight. Most are […]

Posted in Conference

Press Release: How Terrorists encrypt, tenuous Security Situations concerning GSM Networks and IPv6 under Attack

September 22, 2011

Press release: From the 15th until the 18th of November international IT-security experts and hackers will meet again in Vienna, Austria, to discuss strategic security topics. The schedule is confirmed: At this year’s international IT-security conference DeepSec, the main focus lies on strategic security topics. DeepSec 2011 takes place from the 15th-18th of November, it’ll […]

Posted in Press

Talk: Intelligent Bluetooth fuzzing – Why bother?

September 21, 2011

Bluetooth devices and software implementations have been a fruitful playground for security researchers for years. You probably remember the PoC code from the trifinite.group and other bugs dragged out into the open. Riding public transport often led to Bluetooth scanning with tools such as Blooover. But that’s all past and gone. Software has evolved. Developers […]

Posted in Conference, Security

Talk: IT Security Compliance Management can be done right

September 20, 2011

Your IT infrastructure needs more than hardware or software. If your IT landscape is big enough you already know that. The question of how to tackle compliance management remains. What kind of internal and external controls from regulations and other sources are there? What is IT-Risk and IT-Compliance management? Why and for whom does it matter? […]

Posted in Conference

Talk: Windows Pwn 7 OEM – Owned Every Mobile?

September 19, 2011

Windows Phone is an operating system for mobile phones. Similar to other operating systems it has security features such as sandboxing applications, APIs for exchanging data across applications and isolation of storage built in. It also offers methods for encrypting data on the phone itself. There’s more documentation out on the Internet or directly available […]

Posted in Conference

Talk: How To Rob An Online Bank And Get Away With It

September 18, 2011

We’ve all heard of – or have even been a victim of – attacks against online banking users where malware on their computers stole their identities and transferred their money to offshore mules’ accounts. While such attacks are still possible and will probably remain a viable threat, they suffer from severe limitations: the loot is […]

Posted in Conference

When Blackholes backfire…

September 15, 2011

According to our current scientific folklore nothing will ever come out of a black hole, no matter or particles, no light, no information. But black holes in networking can backfire from time to time. Of course I’m talking about “black-holing” Internet traffic, a strategy often used on backbones to defend against attacks, specifically flooding, DDoS […]

Posted in Internet, Odd, Stories

Talk: Reassemble or GTFO! – IDS Evasion Strategies

September 15, 2011

Ever since network intrusion technology was introduced, attackers have tried to evade detection. The tactics for evasion changed over time, but there really was no point in the past when evasion was not discussed. This is especially true for all things HTTP, because web applications transmit a rich set of data between server and client […]

Posted in Conference

Talk: An online Game Trojan Framework from China Underground Market

September 14, 2011

Malware infecting computers always serves a purpose. Zombies, as infected systems are called, usually connect to a Command & Control channel and receive their orders from the owners of the zombie herd. Malicious software can also be used as a tool for retrieving information. Some of these tools are specialised and look for specific data […]

Posted in Conference

Talk: Do They Deliver – Practical Security and Load Testing of Cloud Service Providers

September 13, 2011

No technology has produced more hot air and confusion than All Things Cloud™. This is not meant to be the introduction for yet another rant. It serves to illustrate what happens when you talk about complex infrastructure and use too much simplification. The Cloud infrastructure is no off-the-shelf gadget you can buy by the dozen, […]

Posted in Conference

Workshop: The Art of Exploiting Injection Flaws

September 12, 2011

If you have ever developed a web application you know that attackers try to exploit requests to the web server in order to inject commands sent to a database server. This attack is called SQL injection. It is done by modifying data sent through web forms or parameters that are part of a request to […]

Posted in Conference

Workshop: Attacks on GSM Networks

September 10, 2011

The topic of GSM networks has been discussed at past DeepSec conferences right from the very first event in 2007. Recent years saw a significant increase of research in GSM attacks: The weaknesses of A5/1 encryption have been demonstrated and exploited, several GPRS networks in Europe have been shown to be insecure, and an ever-growing […]

Posted in Conference