Archive for October, 2014

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

October 29, 2014

“The only advice I might give to everyone who is responsible for information security is that it is never about a tool or a methodology”, says Vlado Luknar. The never-ending quest for the “best” tool or methodology is a futile exercise. In the end it is you, the security specialist, who adds the most value […]

Posted in Conference, Interview

DeepSec 2014 Talk: Cloud-based Data Validation Patterns… We need a new Approach!

October 28, 2014

Data validation threats (e.g. sensitive data, injection attacks) account for the vast majority of security issues in any system, including cloud-based systems. Current methodology in nearly every organisation is to create data validation gates. But when an organisation implements a cloud-based strategy, these security-quality gates may inadvertently become bypassed or suppressed. Everyone relying on these […]

Posted in Conference, Interview

DeepSec 2014 Talk: Safer Six – IPv6 Security in a Nutshell

October 20, 2014

The Internet Protocol Version 6 (IPv6) is the successor to the currently predominant Internet Protocol Version 4 (IPv4). IPv6 was designed to address the need for more addresses and for better routing of packets in a world filled with billions of networks and addresses alike. Once you decide to develop a new protocol, you have […]

Posted in Conference, Internet, Interview

DeepSec 2014 Workshop: Hacking Web Applications – Case Studies of Award-Winning Bugs

October 14, 2014

The World Wide Web has spread vastly since the 1990s. Web technology has developed a lot of methods, and the modern web site of today has little in common with the early static HTML shop windows. The Web can do more. A lot of applications can be accessed by web browsers, because it is easier […]

Posted in Conference, Training

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

October 14, 2014

Assembly language is still a vital tool for software projects. While you can do a lot much more easily with high-level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots […]

Posted in Training

RandomPic XSA-108

October 2, 2014

What a couple of Infosec people thought about XSA-108. Apparently some were a little bit disappointed that XSA-108 affects “only” HVM. Sorry, not another catastrophe, not another Heartbleed, Shellshock or something in this class. Only a vulnerability which potentially allows access to other VMs. Anyway, time for an update! (Idea shamelessly stolen from aloria)

Posted in High Entropy, RandomPic