DeepSec 2017 Talk: Essential Infrastructure Interdependencies: Would We Be Prepared For Significant Interruptions? – Herbert Saurugg

Sanna/ September 29, 2017/ Conference

How would your day look without electrical power? Given the fact that we rely on information technology every single minute of our lives (well, mostly), this would be a very dark outlook indeed. Knocking out the power grid is a tactic used by the military. They have even special tools for disabling power lines and transformer stations. Progress has enabled network access for power plants and other parts of the grid. It’s not all about hacking stuff. There is a lot more involved when it comes to critical infrastructure, and this is why we have asked Herbert Saurugg, a renowned specialist on this topic, to conduct a presentation at DeepSec 2017. Cyber Security and Critical Infrastructure Protection (CIP) are major topics almost everywhere. Its priority has also increased during recent years because of rising

Read More

DeepSec 2017 Talk: Uncovering And Visualizing Botnet Infrastructure And Behavior – Andrea Scarfo & Josh Pyorre

Sanna/ September 28, 2017/ Conference, Internet

When you read about information security, then you might get the impression that there are lots of nameless threats Out There™. Especially when it comes to networked malicious software, i.e. malware, that forms robot armies, the picture gets a lot more vague and foggy. So you need to get some details to sharpen your view. There are some means how to do this, and you will be told at DeepSec 2017 by Andrea Scarfo and Josh Pyorre. How much information about a botnet can one find using a single IP address, domain name or indicator of compromise (IOC)? What kind of behavior can be determined when looking at attacker and victim infrastructure? In an attempt to discover and analyze the infrastructure behind large-scale malware activity, Andrea and Josh began their research with known indicators

Read More

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Sanna/ September 27, 2017/ Conference, Internet, Security

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into an army of bots. Thanks to the proliferation of networked devices such as cameras, home routers, and others the botnet was very successful. The code was designed to run on embedded devices and is even online for inspection. Let’s take a look at how to improve Mirai. Badly secured embedded devices enabled the largest DDoS attack on critical networks seen to date: The Mirai attacks in 2016 were largely pegged on Internet-exposed telnet with default credentials. While such telnet

Read More

DeepSec 2017 Schedule Update, Review Status, Disputes, and Trainings

René Pfeiffer/ September 26, 2017/ Administrivia, Conference, High Entropy

The DeepSec 2017 schedule is still preliminary. We are almost done, and we have a small update. Some of you have noticed that the schedule featured a training about mobile security. The outline as shown as in the schedule was identical to a different course from a different trainer. We received a complaint, we got the course materials to compare, and it turned out that only the outline of the workshop as shown online was identical, and the original table of contents was not part of the submission we received during the call for papers. The dispute has been settled. The trainer has apologised to the creator of the original table of contents. Nevertheless the trainer has asked to withdraw his submission. This means we will try to replace the slot in the schedule

Read More

DeepSec 2017 Early Bird Tariff ends on 25 September

René Pfeiffer/ September 22, 2017/ Administrivia, Conference

The early bird tariff for DeepSec 2017 (and ROOTS) ends on 25 September 2017. We recommend buying your ticket now. Save some money! In addition we ask you to book the workshop you want to visit as early as possible! Every year we see sad faces, because the workshop of your choice had to be cancelled. Our trainers need a minimum number of attendees. Some trainers need to catch flights and spend good parts of a whole day travelling. They can’t come to Vienna if the minimum number of trainees is not met. So do yourself a favour, make up your mind now, and book the training you want to have. In case you cannot use online payment, let us know. We can invoice the ticket to you directly, if needed. Just drop us

Read More

Workshops, Trainings, Talks: DeepSec and ROOTS Schedule Update

René Pfeiffer/ September 20, 2017/ Administrivia, Conference

As you might have noticed, the DeepSec schedule is not complete yet. Furthermore the ROOTS schedule is not published at all. The reason for this are the still pending reviews. The major part concerns ROOTS. ROOTS is an academic workshop where academic publications are presented. There has been some confusion about the term workshop. In the context of ROOTS this means presentations. This is why we have replaced the word workshops on the DeepSec web site and in (hopefully) all texts with the word training. Trainings are the two-day, well, trainings in advance of the DeepSec conference days. ROOTS features presentations, also called workshops in ROOTS-context, as does the DeepSec conference (on the conference days). So we have trainings (the two-day training courses; one, the ARM exploit laboratory is for three days, be careful)

Read More

44CON revisited: Secure Design in Software is still a new Concept

René Pfeiffer/ September 20, 2017/ High Entropy, Interview, Security

We have been to 44CON, and we returned with lots of ideas and scary news about the state of security in devices and applications. Given the ever spreading Internet of Things (IoT) you can see why connecting random devices via a network with no second thoughts about design, updates, or quality control is a bad idea. Don Bailey illustrated this perfectly in the keynote titled The Internet of Us. His presentation touched all of information security, but IoT featured a prominent role. We are really surrounded by the Internet of SIM cards (sadly which we cannot call IoS). This opens up a new perspective and demystifies the IoT hype. You should watch Matt Wixey’s talk Hacking invisibly and silently with light and sound as soon as the videos are published. Matt discussed hardware hacking

Read More