Archive for October, 2012

Zombies at the Hospital

October 31, 2012

It’s 31 October, so we have to talk about these zombies. You know them from the horror films. Dead, evil, and always hungry for brains (the latter also being true for any self-respecting HR department). Security researchers know a different kind of zombie. A zombie computer is a machine or device infected by a computer […]

Posted in High Entropy, Security

DeepSec 2012 Talk: The „WOW Effect“

October 24, 2012

If you have ever been in the position of analysing the remains of a compromised system, then you will probably know that a lot of forensic methods rely on data stored in file systems. Of course, you can always look at individual blocks, too, however sooner or later you will need the logical structure of […]

Posted in Conference

Groundhog Day (Not a Film Review)

October 20, 2012

Recently there was a re-run of the movie “Groundhog Day” on German TV and after a while I felt a familiar feeling: Our security efforts are a lot like the story. The protagonist is caught in something like a time-loop until he gets everything right. A previously cynical, disrespecting, arrogant and selfish news reporter wakes […]

Posted in High Entropy, Security 1 Comment »

DeepSec 2012 Keynote: We Came In Peace – They Don’t: Hackers vs. CyberWar

October 19, 2012

„Cyberwar“ is all the fashion these days. Everyone knows about it, everyone has capabilities, everyone has a military doctrine to deal with it. Sceptics make fun of it, politicians use it for election campaigns, security researchers wonder what’s new about it, „experts“ use it to beef up their CV, cybercrime yawns, journalists invent new words, […]

Posted in Conference 3 Comments »

DeepSec 2012 Talk: I’m the guy your CSO warned you about

October 15, 2012

Social engineering has a bit of a soft touch. Mostly people think of it as “you can get into trouble by talking to strangers”, remember the “don’t talk to strangers” advice from their parents, dismiss all warnings and will get bitten by social security leaks anyway. You have to talk to people, right? You are […]

Posted in Conference

DeepSec 2012 Talk: Passive IPS Reconnaissance and Enumeration – false positive (ab)use

October 14, 2012

Once you have a network, you will have intruders. You may already have been compromised. How do you know? Right, you use proper and hard to fool monitoring tools that will always detect good and evil. If you believe this statement, then you probably never heard of the dreaded false positive, commonly known as false […]

Posted in Conference

DeepSec 2012 Talk: Own the Network – Own the Data

October 12, 2012

We all use networks every day. This is obvious when it comes to the Internet, but there are more networks if you use phones and other gadgets. Like it or not, these networks are a part of your infrastructure. Now you know, but attackers (and security people) knew this before. So, what can happen to […]

Posted in Conference

DeepSec 2012 Workshop: Web Application Penetration Testing

October 11, 2012

If eyes are the window to your soul, then web applications are the gateways to your heart. Of course this is only a figure of speech, but once you take a look at security incidents and the role of web applications, then you get the idea of the analogy. Web applications are everywhere. It’s not […]

Posted in Conference, Training

High Availability is not Redundancy

October 11, 2012

This is about the “A” in the CIA triad of security: Confidentiality, Integrity, Availability. Just recently I was a witness of an incident where the failure of a perceived redundant system caused an outage of more than 5 hours of the central IT services of a multinational/intercontinental enterprise. Vital services like VoIP calls and conference […]

Posted in High Entropy, Odd 1 Comment »

DeepSec 2012 Talk: The Interim Years of Cyberspace – Security in a Domain of Warfare

October 6, 2012

In case you haven’t heard about it yet, officially that is, welcome to the fifth domain! As with space and other environments, the networked world has been discovered by various forces and groups for their advantage. The past years have shown that whatever happens in Cyberspace, doesn’t always stay in Cyberspace. It’s not always about […]

Posted in Conference

DeepSec 2012 Talk: Evolution of E-Money

October 5, 2012

The concept of electronic money has been around long before BitCoin entered the stage. The main characteristic is its electronic storage and exchange. This is both convenient and dangerous since digital goods can be stolen by copying data or cracking codes, depending on the design of the e-money system (which often will involve cryptographers). Jon […]

Posted in Conference

DeepSec 2012 Talk: The Vienna Programme – A Global Strategy for Cyber Security

October 5, 2012

In case you ever felt frustrated by the countless ways digital systems can fail, you should consider listening to Stefan Schumacher’s talk about a global strategy for cyber security. It’s not about silver bullets or throwing rings into volcanoes, it’s meant as a roadmap leading to an improved security level in our digital landscape. Information […]

Posted in Conference

DeepSec 2012 Workshop: Social Engineering Testing for IT Security Professionals

October 2, 2012

Social engineering has been big in the news yet again this year. In September, security researchers discovered an attack against Germany’s chipTAN banking system, in which bank customers were tricked into approving fraudulent transfers from their own accounts. In August, tech journalist Mat Honan had his digital life erased, as hackers social engineered Apple and […]

Posted in Conference, Training