Archive for November, 2016

Scanning for TR-069 is neither Cyber nor War

November 30, 2016

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

Posted in Discussion, High Entropy, Internet

Disclosures, Jenkins, Conferences, and the Joys of 0Days

November 17, 2016

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. […]

Posted in Conference, Discussion, High Entropy

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

November 10, 2016

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm […]

Posted in Conference, Discussion

Screening of “A Good American” in Vienna with Bill Binney

November 9, 2016

There will be a screening of the documentary A Good American in Vienna tomorrow. We highly recommend watching this film, even if you are not directly connected to information security. Threat intelligence has far-reaching consequences, and in the case of the world’s biggest intelligence agency it also affects you. A Good American will be shown […]

Posted in Discussion, High Entropy, Security Intelligence

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

November 9, 2016

In Korea in particular, hackers have distributed sophisticated and complex financial fraud Android malware through various means of distribution, such as SMS phishing, Google Play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile Android malware via an automated analysis […]

Posted in Conference, Development, Internet, Report, Security

DeepSec 2016 Keynote: Security in my Rear-View Mirror – Marcus J. Ranum

November 8, 2016

Everything that’s old is new again, and if you work in security long enough, you’ll see the same ideas re-invented and marketed as the new new thing. Or, you see solutions in search of a problem, dusted off and re-marketed in a new niche. At this year’s DeepSec conference the keynote will be given by Marcus Ranum, who set […]

Posted in Conference, Discussion, Security, Stories

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

November 8, 2016

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. […]

Posted in Conference, Development, Security

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

November 4, 2016

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games? Worry no longer, […]

Posted in Conference, Legal, Security, Stories

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

November 3, 2016

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied without authorization. Often, after a few paragraphs, you read about technical solutions that should put a stop to these burglaries. Therefore one forgets that […]

Posted in Conference, Press, Schedule, Training

IT-SeCX 2016: Talk about Relationship between Software Development and IT Security

November 3, 2016

The IT-SeCX 2016 event takes place on 4 November at the St. Pölten University of Applied Sciences LLC. It’s a night of security talks, held by various speakers from the industry, academic world, and other institutions. We will give a presentation exploring the relationship between the fine art of software development and the dark art […]

Posted in Discussion, Veranstaltung

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

November 3, 2016

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target, allowing an attacker both to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

Posted in Conference, Internet, Security

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

November 3, 2016

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However, Cyber-Headlines are full of Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. […]

Posted in Conference, Security, Security Intelligence

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

November 3, 2016

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow […]

Posted in Conference, Internet, Interview, Security

Why you should attend DeepSec 2016 – Last Call

November 2, 2016

There are many reasons to go to DeepSec this year. It doesn’t matter if you worked on your presentation slides on the way to work, got hacked by a nation state, own a smart device, defused cyber weapons, or simply fight the T-Virus in a hospital. The DeepSec conference is the place to be for […]

Posted in Conference

FHOÖ supports DeepSec 2016 Conference!

November 1, 2016

We are glad to announce that the University of Applied Sciences Upper Austria supports the DeepSec 2016 conference! Their motto, teaching and learning with pleasure – researching with curiosity, fits information security perfectly. Their courses cover more than just computer science. If you are interested in engineering, economics, management, media, communications, environment, or energy, […]

Posted in Conference