Archive for January, 2016

DeepSec Video: 50 Shades of WAF – Exemplified at Barracuda and Sucuri

January 30, 2016

Sometimes your endpoint is a server (or a couple thereof). Very often your server is a web server. A lot of interesting, dangerous, and odd code resides on web servers these days. In case you have ever security-tested web applications, you know that these beasts are full of surprises. Plus the servers get lots of […]

Posted in Conference, Security

DeepSec Video: Temet Nosce – Know thy Endpoint Through and Through; Processes to Data

January 29, 2016

Endpoint security is where it all starts. The client is the target most attackers go after. Once you have access there (let’s say by emailing cute cat videos), you are in. Compromised systems are the daily routine of information security. Even without contact with the outside world, you have to think about what happens next. […]

Posted in Conference 5 Comments »

DeepSec Video: Cyber Cyber Cyber Warfare: Mistakes from the MoDs

January 28, 2016

The word cyber entered the information security circus a couple of years ago. It should have been long gone according to its creator William Gibson. Meanwhile everything has developed into something being cyber – CSI, war, politics, security, homes, cars, telephones, and more. Inventing new words helps to distract. Distraction is what Raoul Chiesa […]

Posted in Conference, Internet, Security 2 Comments »

DeepSec Video: The German Data Privacy Laws and IT Security

January 27, 2016

Data protection and information security are often seen as different species. Why? Where is the difference between protection, defence, security, and offence? There are a lot of relations between the terms. Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung) gave a presentation at DeepSec 2015 on how to link privacy with security: „Hesse introduced the first data […]

Posted in Conference, Discussion, Legal, Schedule 2 Comments »

Last Chance to See: RuhrSec Early Bird Tickets

January 26, 2016

If you have no money but some time to spare, you should head over to the RuhrSec ticket shop and get yourself some freshly issued Early Bird tickets! Our friends in Bochum have a decent schedule for you. Inevitably the Internet of Things gets broken (again), you hear more about TLS v1.3, caches get a […]

Posted in Administrivia, Conference 9 Comments »

DeepSec Video: Deactivating Endpoint Protection Software in an Unauthorized Manner

January 26, 2016

The information technology world is full of fancy words that re-invent well-known and well-understood terms. Everyone is talking about the endpoint these days. Endpoint is the trusty old client in disguise. Plus the end in endpoint doesn’t mean that something ends there. From the information security point of view all your troubles actually start there. […]

Posted in Conference, Security 2 Comments »

DeepSec Video: Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks

January 25, 2016

Isolation is a prime ingredient of information security. The air-gap is the best way to isolate systems. Only wireless communication can transport data across these gaps. Apart from Wi-Fi the signals of mobile radio communication are very common. At DeepSec we have seen a lot of hacking when it comes to mobile phones and their […]

Posted in Conference, Security 6 Comments »

DeepSec Video: Yes, Now YOU Can Patch That Vulnerability Too!

January 24, 2016

Once you got software, you most probably got yourself some decent bugs. Software vulnerabilities are everywhere. They come with the code. Managing patches and changes is the way of handling these weaknesses. At DeepSec 2015 Mitja Kolsek spoke about a new way of addressing vulnerabilities: „Software vulnerabilities are likely the biggest problem of information security, […]

Posted in Conference, Security 6 Comments »

DeepSec Video: A Case Study on the Security of Application Whitelisting

January 21, 2016

Application whitelisting is a method where you create a baseline selection of software on a system. You then freeze the state, and after this point any code not being part of your original „white list“ is considered dangerous and blocked from execution. In theory this should prevent the execution of malware and therefore protect against […]

Posted in Conference, Discussion, Security 3 Comments »

DeepSec Video: A Death in Athens – The inherent Vulnerability of “Lawful Intercept” Programs

January 20, 2016

In politics it is en vogue to create new words by connecting them. The words „cyber“ and „lawful“ come to mind. You can add „crime“ and „intercept(ion)“, and then you got something. Actually you can combine both of the latter words with the first two. Either combination makes sense if you take a look at […]

Posted in Conference, Discussion 2 Comments »

DeepSec 2015 Videos are being published!

January 20, 2016

As you may have noticed, we have sorted out the problems with the DeepSec 2015 recordings. Handling heavy multimedia files isn’t for the faint of heart – especially if one forgets to turn off the Twitter notifications while uploading broken video files. We have fixed this. Apparently the new uploader code took us (and our […]

Posted in Administrivia, Conference 9 Comments »

Here be Dragons – SIGINT won’t go away in 2016 (or later)

January 20, 2016

The new year is a couple of weeks old. Not much has changed from the perspective of information security. The word „cyber“ is still alive and kicking (just as the „cloud“ is, despite Safe Harbour not being safe any more). Crypto is being used as a scapegoat for major intelligence failures – again and again. […]

Posted in Conference 1 Comment »