Archive for February, 2012

Security in the Trenches (or how to get dirty and stay clean)

February 27, 2012

Sometimes you have to get dirty, sometimes it’s fun to get dirty. No, it’s not what might come to mind; it’s about the dirty business of information security: you have to break things to see if they are secure enough and to learn about weak points. But what to break? Your own systems? Someone else’s […]

Posted in Security, Stories

About the fineprint in Software patents (Motorola vs. Apple)

February 24, 2012

Recently Motorola sued Apple because of Patent EP0847654 and Apple deactivated the push function for e-mails. Only on mobile platforms. Only for iCloud and MobileMe. Only within the borders of Germany. See http://support.apple.com/kb/TS4208. What happened? While everyone in the blogosphere is ranting about e-mail pushing being patented etc., I dared to search for the original […]

Posted in High Entropy, Internet

Five Million, quick and easy!

February 19, 2012

A good friend and former colleague of mine recently asked me whether I could give him a tip on how to make 5M quick and easy. My answer was “Nothing I could think of which doesn’t involve a lot of nasty things and imply a long stay in jail”. But that’s not what I wanted to […]

Posted in High Entropy, Odd, Security Intelligence

DeepINTEL 2012 – Security Intelligence Call for Papers

February 17, 2012

We already gave some hints about the security intelligence event we are planning for the end of summer. We now have a date and a venue: DeepINTEL will be held on September 3rd and 4th near Salzburg in Austria. This single-track, two-day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited […]

Posted in Administrivia, Security Intelligence. 4 Comments

Of CAs, DLP, CSRs, MITM, inspection and compliance

February 16, 2012

Writing about certificate authorities is slowly turning into beating dead horses. We have seen a couple of security breaches at CAs in the past. We have witnessed security researchers turning to SSL/TLS. Fairly recently researchers have put RSA keys to the test and found common prime factors in thousands of keys. Now we have a […]

Posted in Discussion, Security

Thoughts about “Offensive Security Research”

February 11, 2012

Ever since information relevant for security was published, there have been discussions about how to handle this information. Many remember the full/no/responsible disclosure battles that frequently erupt. There is a new term on stage. Its name is “offensive security research”. The word “offensive” apparently refers to the intent to attack IT systems. “Security” marks the […]

Posted in Discussion, Security. 1 Comment

DeepSec 2012 – Call for Papers

February 10, 2012

The Finux Tech Weekly episode containing an interview with MiKa and me beats our announcement of the Call for Papers by 4 hours, but here’s the text. Enjoy! DeepSec 2012 “Sector 6” – Call for Papers We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 (“Sector 6”). We invite researchers, […]

Posted in Administrivia, Conference