Archive for November, 2013

DeepINTEL 2014 – 3rd Security Intelligence Conference – Call for Papers is open!

November 21, 2013

Good news everyone, there will be a DeepINTEL conference in 2014, and we are looking for presentations! DeepINTEL 2014 will be held in September at the same location as in 2013. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and […]

Tags: , ,
Posted in Administrivia, Call for Papers, Security Intelligence Comments Off on DeepINTEL 2014 – 3rd Security Intelligence Conference – Call for Papers is open!

The DeepSec 2013 Conference – „Secrets, Failures, and Visions“

November 21, 2013

Welcome to the DeepSec 2013 In-Depth Security Conference! The seventh DeepSec has just started. We welcome everyone at the conference venue and everyone else Out There™ connected by networks. If you have a Twitter account, make use of the hashtag #DeepSec. We will have an eye on tweets throughout the conference. So if you have […]

Tags:
Posted in Conference 2 Comments »

Last Changes to DeepSec 2013 Schedule

November 19, 2013

Unfortunately we had to change our DeepSec 2013 schedule again. We promise that this will be the last changes before the conference starts (or a certain Murphy will get a talk slot). Marcus Ranum couldn’t make it to DeepSec. He apologised, and there really is no way he could have made it. We will invite […]

Tags: ,
Posted in Administrivia, Conference Comments Off on Last Changes to DeepSec 2013 Schedule

DeepSec 2013 Talk: Bypassing Security Controls With Mobile Devices

November 15, 2013

How do you counter threats emerging from a new trend? Well, standard practice is to buy a new appliance, add-on, or similar magic trick. People do this currently with the trend of Bring Your Own Device (BYOD). Once you say yes to BYOD, you just gave Santa Claus (or your chief financial officer) more options […]

Tags: , , ,
Posted in Conference, Security 1 Comment »

DeepSec 2013 Talk: Supply Chain – The Exposed Flank

November 15, 2013

Securing your own perimeter is the prime task IT security teams are worried about. However there is Murphy’s Law of Firewalls, too. Given a sufficient amount of time, business requirements will pierce a lot of holes in your firewall and your defences. Once you work with suppliers, you will have to deal with their perimeters […]

Tags: , ,
Posted in Conference, Security, Stories 1 Comment »

DeepSec 2013 Talk: Building The First Android IDS On Network Level

November 13, 2013

Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions […]

Tags: , , , ,
Posted in Conference, Development, Security 3 Comments »

DeepSec 2013 Talk: Malware Datamining And Attribution

November 13, 2013

The production of code leaves traces in the final binary. There can be debugging symbols present, which give you a lot of information. Maybe the binary has some commonly used libraries or functions. A lot of fingerprinting can be done with software. Why is this of interest? Well, there is the attribution problem of attacks […]

Tags: , , ,
Posted in Conference, Security 2 Comments »

DeepSec 2013 Talk: My Name Is Hunter, Ponmocup Hunter

November 12, 2013

Defending one’s own resources against malicious software is daily business for information security professionals. Usually you deploy a range of measures and try to minimise the risk. It may or may not work, depending if you have to fear the mysterious Advanced Persistent Threat (APT). APTs are highly targeted, very stealthy and can greatly impact […]

Tags: , , ,
Posted in Conference, Security Comments Off on DeepSec 2013 Talk: My Name Is Hunter, Ponmocup Hunter

DeepSec 2013 Talk: Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec

November 11, 2013

If something happens in your network, it’s an established custom to blame it on China. This approach is tried and true among the Chief Information Officers (CIOs) who have some explaining to do. Throw in the inevitable Advanced Persistent Threat (APT) and you are set. No more explanations necessary. Why is that? Well, most people […]

Tags: , , , ,
Posted in Communication, Conference, Security Intelligence Comments Off on DeepSec 2013 Talk: Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec

DeepSec 2013 Talk (U21): The Dark Side of the Internet

November 10, 2013

You may have heard of background radiation. It’s the kind of ionizing radiation you are exposed when wandering around on this planet. The sources are radioactive isotopes in the air, the soil, our food, and the water. In addition there is cosmic radiation from outer space. So even without artificial radiation sources you will have […]

Tags: , , , ,
Posted in Conference, Internet Comments Off on DeepSec 2013 Talk (U21): The Dark Side of the Internet

DeepSec 2013 Talk: CSRFT – A Cross Site Request Forgeries Toolkit

November 9, 2013

Cross Site Request Forgery (CSRF) is a real threat to web users and their sessions. To quote from the OWASP web site: „CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.“ Combined with social engineering this is a very effective attack […]

Tags: , , , ,
Posted in Conference, Security Comments Off on DeepSec 2013 Talk: CSRFT – A Cross Site Request Forgeries Toolkit

DeepSec 2013 Talk: Mobile Fail: Cracking Open “Secure” Android Containers

November 8, 2013

Over the last few years the desire to have information at our fingertips whenever and wherever we want has driven us more and more towards mobile devices. The convenience of having our email, files and access codes available to us on our smartphones or tablets has given rise to a new problem… that of securing […]

Tags: , , , ,
Posted in Conference, Security 4 Comments »

DeepSec 2013 Talk: Future Banking And Financial Attacks

November 7, 2013

Hey, you! Want to know a secret? Your adversaries are after money. Taken the „cyber shoot-outs“ of governments aside, no sophisticated attack happens without economical benefits. Attackers don’t care where the money comes from. However they care for efficiency. They do not compromise web server after web server to hope for some loot which can […]

Tags: , , , ,
Posted in Conference, Security 2 Comments »

DeepSec 2013 Talk: Risk Assessment For External Vendors

November 6, 2013

No man is an island. If this is true for every single one of us, then it is also true for companies. Modern enterprises have business to business (B2B) relations. They are at the centre of a network of suppliers and other vendors. Information flows between the players since they need to exchange data. What […]

Tags: , , , ,
Posted in Conference, Security, Stories 1 Comment »

No more Early Birds! No Regular! Get your DeepSec 2013 tickets now!

November 5, 2013

If you like to attend DeepSec 2013, here’s your last chance. Space is getting crowded and the ticket sale enters the last minute tariff! For everyone interested in booking tickets for the workshops, now is the time! Don’t wait for others to fill your seat. You have been warned. In case you are still deciding, […]

Tags: ,
Posted in Administrivia, Conference 3 Comments »