Author Archive

Biometrics and Failures in understanding Security – Copy & Paste Iris Scans

May 23, 2017

Biometrics has an irresistible attraction. Simply by mentioning the fact that you can measure parts (or surfaces) of the body and convert them to numbers a lot of people are impressed out of their mind. Literally. In theory biometric information serves as a second set of data to be used for any purposes. A common […]

Posted in High Entropy, Security

Disinformation Warfare – Attribution makes you Wannacry

May 16, 2017

After the Wannacry malware wreaked havoc in networks, ticket vending machines, companies, and hospitals, the clean-up has begun. This also means that the blame game has started. The first round of blame was distributed between Microsoft and the alleged inspiration for the code. The stance of security researchers on vulnerabilities is quite clear. Weaknesses in […]

Posted in Discussion, High Entropy, Security Intelligence

Wannacry, Code Red, and „Cyber“ Warfare

May 14, 2017

Society and businesses increasingly rely on networked infrastructure. This is not news. Worms that used networks to spread to new hosts in order to infect them are also not news. Code Red did this back in 2001. There is a new worm going around. Its name is Wannacry, and it is allegedly based on published […]

Posted in High Entropy, Security

DeepSec welcomes SEC Consult as Sponsor for 2017!

May 12, 2017

Testing products, production code, security measures, or the overall security of infrastructure is hard work. The typical needs in terms of information technology for a company or an organisation have become a variety of components that need to be maintained and hardened against attacks. The devil is in the details. In order to find critical […]

Posted in Conference, Security

DeepSec welcomes Digital Guardian as Sponsor for 2017

May 11, 2017

No event can be done without supporters, and so we welcome Digital Guardian as sponsor for the upcoming DeepSec 2017 conference! If you have data in your organisation, then you might be interested in talking to Digital Guardian’s experts, because they know a lot about what data does, where it lives, what endpoints really are, […]

Posted in Conference, Security

Call for Papers: 1st Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017

May 1, 2017

The first Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017 opens its call for papers. ROOTs is the first European symposium of its kind. ROOTs aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or […]

Posted in Call for Papers, Conference

DeepINTEL Update, Science First Campaign, Early Birds, and other News

April 28, 2017

The Easter break is over. We didn’t sleep (much), and we did not look for Easter eggs in software either. Instead we did a bit of work behind the scenes. DeepSec 2017 will have some more content due to the co-hosted ROOTs workshop. The full call for papers will be ready on 1 May 2017. […]

Posted in Administrivia, Conference

Applied Crypto Hardening Project is looking for Help

April 25, 2017

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

Posted in High Entropy, Internet

SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed

April 1, 2017

The ageing SS7 protocol has reached its end of life. Security experts around the world have criticised vulnerabilities a long time ago. SS7 even facilitated unsolicited surveillance attacks. What’s more, it has its own talks at the annual Chaos Communication Congress – which is a clear sign of fail if there is more than one presentation […]

Posted in High Entropy

DeepINTEL / DeepSec News for 2017 and Call for Papers

March 27, 2017

Changing code, layout or designs have something in common – deadlines. But you cannot rush creativity, and so the new design of the DeepSec web site took some time. The old design has served us well. We basically did not change much and used it since 2007. The new design follows the stickers we use […]

Posted in Administrivia, Call for Papers, Conference

Submit your Talk – Call for Papers for BSidesLondon

March 14, 2017

The Call for Papers for BSidesLondon is still running! If you haven’t submitted your talk yet, please do! The deadline is 27 March 2017. Don’t miss it! The Wonderful World of Cyber is full of stuff to talk about. There is broken software all over the Internet (of Things). 0days await. Infrastructure is ready to […]

Posted in Call for Papers

Putting the Science into Security – Infosec with Style

January 27, 2017

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

Posted in Discussion, Security

The Sound of „Cyber“ of Zero Days in the Wild – don’t forget the Facts

January 26, 2017

The information security world is full of buzzwords. This fact is partly due to the relationship with information technology. No trend goes without the right amount of acronyms and leetspeaktechnobabble. For many decades this was not a problem. A while ago the Internet entered mainstream. Everyone is online. The digital world is highly connected. Terms […]

Posted in Discussion, High Entropy

Putting the Context into the Crypto of Secure Messengers

January 21, 2017

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case of email, Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys […]

Posted in Communication, Discussion, Internet

DeepSec Administrivia for 2017, the Year of the Cyber

January 20, 2017

2017 is in full swing, and it didn’t wait long. December was full of „hacking“ news. It seems digital war(e)fare knows no break. We will address some of the issues in a series of blog articles. Also we have uploaded the DeepSec 2016 videos to Vimeo. Attendees and speakers will get access before we publish […]

Posted in Administrivia, Conference