OpenPGP.conf is calling for Content

René Pfeiffer/ July 30, 2016/ Call for Papers, Conference, Security

If you don’t know what PGP means (or GPG), you should consult your favourite search engine. While it has a bad reputation for its usability, it is a lot more useful than the rumours might suggest (please attend your local CryptoParty chapter for more details). This is why the German Unix Users Group organises an OpenPGP.conf event. It takes place on 8/9 September 2016 in Cologne, Germany. The Call for Papers is still running, so  be quick and submit. The international conference, initiated by Werner Koch, maintainer of the free OpenPGP implementation Gnu Privacy Guard (GnuPG), and organized by the German Unix Users Group Association introduces the subject of confidential and untampered with communication including, but not limited to security aware users, IT managers and architects responsible for security objectives, software developers who plan to

Read More

A Perspective on Code and Components – assert(), don’t assume()

René Pfeiffer/ July 21, 2016/ Development, Discussion, High Entropy

Have you ever looked closely at the tools you use on a daily basis? Taking things apart and putting them back together is an integral part of understanding the universe. Scientists do it all of the time (well, at least some do, there are things that can’t be put together easily once taken apart). So lets focus on components and how they interact. ASN.1 and libraries that deal with it are popular components. Few people get a kick out of ASN.1, so they use code that does it. It’s just an example for parts that handle data being sent to and received from other systems. We live in a networked world, so communication is a crucial part of modern software. So to use business lingo: Most software works by delegating tasks to third-party code.

Read More

Intelligence on the Silver Screen: A Good American Kickstarter Campaign

René Pfeiffer/ July 21, 2016/ Discussion, High Entropy, Security Intelligence

Surveillance has a bad reputation. No one likes to be watched. Yet infosec researchers, sysadmins, and developers talk a lot about log files. We need to watch stuff for various reasons. You got your mail logs, diagnostic messages, performance metrics, network addresses, and more painstakingly sorted by timestamps and maybe geolocation. Log data is part of information technology. It gets interesting once you store, process and mine this data. Some people like to collect it all and do all kinds of Big Data stuff with it. Others filter out the relevant bits of information and work with that. Opinion is divided, results may vary. Enter A Good American, the documentary which was screened in Vienna during the DeepSec 2015 conference. It has been shown all over the world. The film itself is fully funded,

Read More

Call for Papers – DeepSec 2016 – Reminder

René Pfeiffer/ July 15, 2016/ Call for Papers, Conference

The Call for Papers for DeepSec 2016 ends on 31 July 2016. If you have some top content, a new way to break the Internet of Things, a piece of code that lets the director of the FBI sweat (for whatever reasons), then let us know. Basically anything that breaks stuff, melts networks/applications/hardware, or singes the fur off things is a good choice (see isic for the original quote). Despite the Internet of Things not being yours it can be 0wned any way. Have a go and tell us! In case you are inclined to teaching we also host top quality workshops, just before the conference. If you got material to keep a group of nerds, pentesters, and people worried about the state of information security busy, then drop us your abstract. See you

Read More

The Internet of Threats revisited

René Pfeiffer/ July 14, 2016/ Communication, High Entropy, Internet

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network hasn’t been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I haven’t even talked about the information security aspect yet. Let’s take a step back into 1995/1996. Those were the days of the first browser wars. Jamie Zawinski has a quote of the Law of Software Envelopment on his web site. Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can. The proof of concept was undertaken by creating the Netscape Mail and News client. Processing email once

Read More