Archive for January, 2014

DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5

January 30, 2014

Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations to your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be […]

Posted in Conference, Security 5 Comments »

DeepSec supports BSidesLondon – join the Rookie Track!

January 29, 2014

The next BSidesLondon on 29 April will feature a Rookie Track again. We are glad to support the event with a ticket to DeepSec 2014 and two accommodations at our conference hotel for the best rookie delivering a presentation. We will also be present at BSidesLondon to get in touch with you (and to watch […]

Posted in Administrivia, Conference 1 Comment »

DeepSec 2013 Video: Hacking Medical Devices

January 29, 2014

Modern technology expands into various areas of our lives all on its own. Medical facilities also use networks and networked devices. This makes sense since monitoring vital signs creates data you want to transport to your staff. Regardless of the technology used, once you expose the device to the outside world it needs to be […]

Posted in Conference, Security 2 Comments »

DeepSec 2013 Video: Building The First Android IDS On Network Level

January 28, 2014

Did you know that you can do more than play Angry Birds on your smartphone? You can get attacked, for example. Since your smartphone is Turing complete, you can do what you want. Jaime Sánchez presented the first Android Intrusion Detection System at DeepSec 2013. Mobile malware and threats are clearly on the rise, […]

Posted in Conference 2 Comments »

DeepSec 2013 Video: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

January 27, 2014

Ever since intrusion detection systems were put into operation, attackers have found ways to evade discovery. So what can you expect from the wonderful tools that are designed to detect intrusions? If you are looking for metrics which can easily be compared and have a connection to your typical production environment, then you are mistaken. There […]

Posted in Conference, Security 4 Comments »

DeepSec 2013 Video: Cracking Open “Secure” Android Containers

January 19, 2014

Cell phones, especially the smart ones, become more and more part of your company’s infrastructure. These devices accumulate software (a.k.a. „apps“), authentication tokens, passwords, and a lot of data worthy of protection. While smartphone systems have their own protection mechanisms, not every one of them might work reliably. Chris John Riley explains in his presentation […]

Posted in Conference 9 Comments »

DeepSec 2013 Video: Cracking And Analyzing Apple iCloud Protocols

January 17, 2014

The „Cloud“ has been advertised as the magic bullet of data management. Basically you put all your precious eggs into one giant basket, give it to someone else, and access your data from everywhere – provided you have a decent Internet connection. Since someone else is now watching over your data, you do not always […]

Posted in Conference 3 Comments »

DeepSec 2013 Video: spin – Static Instrumentation For Binary Reverse-Engineering

January 15, 2014

Reverse engineering is a fundamental tool of information security research. The news coverage of the past year has given black boxes a bad name. David Guillen Fandos introduces methods for binary reverse-engineering in his presentation at DeepSec 2013. Binary instrumentation is used for performance evaluation, CPU emulation, tracing, and profiling. It can also be used […]

Posted in Conference

DeepSec 2013 Video – Relax Everybody: HTML5 Is Securer Than You Think

January 14, 2014

A lot of tags have been created since the 1980s when the foundation of the modern World Wide Web was born. HTML5 is being deployed on servers around the world. Just like the many 802.11xyz wireless standards it is being used before the stable standard has been released by the W3C. Moving targets attract all […]

Posted in Conference 3 Comments »

DeepSec 2013 Video: Psychology of Security – a Research Programme

January 13, 2014

The DeepSec 2013 keynote presentation featured the cultural background of China in order to better understand the news about impending „cyber doom“. The past year has shown that you need a lot more than hands-on information security if you want to make sense of incidents. Next to history and culture there is psychology. In his […]

Posted in Conference 1 Comment »

Applied Crypto Hardening (ACH) Project

January 2, 2014

DeepSec 2013 featured a talk about the Applied Crypto Hardening (ACH) project. In the wake of the discussion about attacks on cryptography itself and implementations of cryptographic standards, almost every aspect of encrypted communication needs to be reviewed. Since system administrators, developers, and other IT staff usually do not have the same expertise as crypto experts, […]

Posted in Communication, Security