Archive for October, 2011

Lessons in Trust and Malicious Code from the Staatstrojaner

October 31, 2011

Since it is Halloween we will beat an undead horse in our blog today. Zombies are all the fashion both in literature and on your computer. The question is: Are all zombies alike? Are there good and bad zombies, or only bad ones? How can you distinguish between good and evil intentions if all you […]

Tags: , ,
Posted in Security Comments Off on Lessons in Trust and Malicious Code from the Staatstrojaner

Defending against the Hype of Advanced Persistent Threat (APT)

October 31, 2011

Many articles like to mention Advanced Persistent Threat (APT), point out that 0-day attacks are extremely dangerous, and that anyone and your neighbour might already be compromised, but doesn’t know about it. So APT casts a long shadow even when not having arrived yet. This is exactly why we used the word „hype“ in the […]

Tags: , , ,
Posted in Security 1 Comment »

Talk: Bond Tech – I Want More Than Movie Props

October 30, 2011

I watched „Bolt“ with my daughter yesterday. She’s still young and needed some time to distinguish fiction from reality, just like Bolt himself. If you regularly use (security) tools, then you might get a bit jealous about all these super-science skills and gadgets. This is especially true when it comes to the toys of James […]

Tags: , , ,
Posted in Conference Comments Off on Talk: Bond Tech – I Want More Than Movie Props

Talk: The Security of non-executable Files

October 27, 2011

Recent security incidents push the imagination of some people to the limits. On today’s menu are U.S. Government satellites (done before albeit with a different vector), insulin pumps, automatic teller machines, smartphones linked to cars, and even vending machines in wilderness resort parks. What’s next? Executing code by the use of postcards or printed newspapers? […]

Tags: , ,
Posted in Conference Comments Off on Talk: The Security of non-executable Files

Talk: FakeAntiVirus – Journey from Trojan to a Persisent Threat

October 26, 2011

You run the latest software defending you against malicious code. You have your best filters deployed. Your firewalls are tight as granite. Your crypto is flawless. Your authentication is watertight. But you’re still being attacked and have probably been compromised. What happened? There’s always the attack vector through social engineering. Combine this with a web […]

Tags: , ,
Posted in Conference Comments Off on Talk: FakeAntiVirus – Journey from Trojan to a Persisent Threat

Dissection of Malware and Legality

October 24, 2011

You have probably seen the articles about the 0zapftis (a.k.a. the German Federal Trojan) malware used by the German police for investigation. There’s a lot going on in Germany and the German parliament, so we’d like to point out the issue of dissecting governmental malware and its relation to common sense and the law. The […]

Tags: , , , ,
Posted in Discussion, Security Comments Off on Dissection of Malware and Legality

Stealing Digital Assets with Knives

October 22, 2011

This article on the ElReg® web site caught my attention today. Police forces in England and Wales read the statistics stemming from crime reports more closely. They think to have found a correlation between the increase of robbery and robbery with knives and the demand for smartphones to sell on the black market. The stolen […]

Tags: , , , ,
Posted in Discussion, High Entropy Comments Off on Stealing Digital Assets with Knives

DeepSec auf Radio Netwatcher am 25. Oktober 2011

October 22, 2011

We did an interview with Radio Netwatcher. You can listen to it on 25 October 2011 at 1800 CEST on radio ORANGE 94.0 (Austria and other countries where the content is syndicated). The interview is in German. It covers the 0zapftis trojan horse, malware in general, security (of course), DeepSec 2011 and the Austrian Big […]

Tags: , ,
Posted in Communication Comments Off on DeepSec auf Radio Netwatcher am 25. Oktober 2011

Security Intelligence, two different Approaches

October 20, 2011

We are monitoring activities around Security Intelligence since a while and found quite different understandings and approaches. Security Intelligence is one the newest disciplines in the area of Information Security and the goals seems to be quite vague. Different organizations seem to have totally different understandings of what Security Intelligence should be about. To illustrate […]

Posted in Internet, Report, Security Comments Off on Security Intelligence, two different Approaches

Press Release: From Car to „Zombie“ – Data-driven Attacks on Automobiles

October 19, 2011

Data-driven Attacks on Automobiles Security conference DeepSec broaches the issue of automobile security  Vienna – Hacking attacks on cars sound like something out of a Hollywood blockbuster. However, they’re possible today and pose a real threat for individuals and the automotive industry. The international security conference DeepSec, which takes place between the 15th and 18th […]

Tags: , , ,
Posted in Press Comments Off on Press Release: From Car to „Zombie“ – Data-driven Attacks on Automobiles

Talk: Behavioral Security: 10 steps forward 5 steps backward

October 17, 2011

How do you distinguish good from evil? Have you ever asked yourself this question? In order to avoid diving into philosophy let’s translate evil to harmful and good to harmless. What’s your strategy to find out if something is harmful or harmless? When it comes to food maybe you try a small bit and gradually […]

Tags: , ,
Posted in Conference Comments Off on Talk: Behavioral Security: 10 steps forward 5 steps backward

Talk: Extending Scapy by a GSM Air Interface

October 16, 2011

Scapy is the „Swiss Army tool“ among security software. Scapy is a powerful interactive packet manipulation program. It is used for scanning, probing, testing software implementations, tracing network packets, network discovery, injecting frames, and other tasks. So it’s a security power tool useful for a lot of tasks in security research. Wouldn’t it be nice […]

Tags: , , , ,
Posted in Conference Comments Off on Talk: Extending Scapy by a GSM Air Interface

Talk: Design and Implementation of a Secure Encryption-Layer for Skype Voice-Calls

October 14, 2011

You probably use communication tools that transport the voice/messaging data over the Internet. We’re not speaking about e-mail, but about recent software of the information age – Skype. Skype is widely used for audio/video chats around the world. Its security is shrouded in proprietary mystery and many urban legends exist. In 2006 Philippe Biondi and […]

Tags: , , ,
Posted in Conference Comments Off on Talk: Design and Implementation of a Secure Encryption-Layer for Skype Voice-Calls

Mobile Phone Calls as Security Risk

October 13, 2011

Do you rely on your mobile phone? Do you frequently call someone or get called? Do you transmit messages or data across mobile phone networks? Maybe you shouldn’t unless you use additional security layers since mobile phone networks must be regarded as a security risk. Karsten Nohl of Security Research Labs has taken a look […]

Tags: , , , ,
Posted in Conference, Security Comments Off on Mobile Phone Calls as Security Risk

Workshop: Social Engineering for IT Security Professionals

October 12, 2011

Social Engineering has been around for a long time and predates the Internet. The method of the Nigerian scams today dates back to the 16th century. It is much more widespread today. Social networking sites supply attackers with a rich source of information. They may even get hold of confidential information without any effort (as […]

Tags: , ,
Posted in Conference Comments Off on Workshop: Social Engineering for IT Security Professionals