High Entropy

Mythbusting: Anti-Virus Research considered dangerous

Posted by on August 18, 2017 at 11:31 am

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer […]

Decline of the Scientific Method: New (Austrian) “Trojan” Law without Technical Expertise

Posted by on August 3, 2017 at 2:27 pm

The Crypto Wars are still raging despite everyone relying on secure communication. Everyone means everyone. The good thing is that mathematics still works, even though some people wouldn’t want it to. The latest cryptographic review comes from Amber Rudd, the current UK Home Secretary. She said recently: “Real people often prefer ease of use and […]

Unicorns in the Wild – Information Security Skills and how to achieve them

Posted by on July 27, 2017 at 12:22 pm

Everyone talks about information security, countering „cyber“ threats, endless feats of hackers gone wrong/wild, and more epic stories. Once you have realised that you are reading the news and not a script for a TV series, you are left with one question: What are information security skills? The next question will probably be: How do […]

BSidesLondon 2017 – Sharing is indeed Caring

Posted by on June 20, 2017 at 12:11 pm

When airport security meets information security it’s usually BSidesLondon time. It was a great experience. And since DeepSec sponsors the Rookie Track we had a very tough decision to make. It’s really hard to pick a winner. A lot of presentations were excellent, and the presenters made the most out of the 15 minutes. The […]

Biometrics and Failures in understanding Security – Copy & Paste Iris Scans

Posted by on May 23, 2017 at 4:51 pm

Biometrics has an irresistible attraction. Simply by mentioning the fact that you can measure parts (or surfaces) of the body and convert them to numbers a lot of people are impressed out of their mind. Literally. In theory biometric information serves as a second set of data to be used for any purposes. A common […]

Disinformation Warfare – Attribution makes you Wannacry

Posted by on May 16, 2017 at 11:31 am

After the Wannacry malware wreaked havoc in networks, ticket vending machines, companies, and hospitals the clean-up has begun. This also means that the blame game has started. The first round of blame was distributed between Microsoft and the alleged inspiration for the code. The stance on vulnerabilities of security researchers is quite clear. Weaknesses in […]

Wannacry, Code Red, and „Cyber“ Warfare

Posted by on May 14, 2017 at 9:17 pm

Society and businesses increasingly rely on networked infrastructure. This is not news. Worms that used networks to spread to new hosts in order to infect them is also not news. Code Red did this back in 2001. There is a new worm going around. Its name is Wannacry, and it is allegedly based on published […]

Applied Crypto Hardening Project is looking for Help

Posted by on April 25, 2017 at 1:55 pm

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed

Posted by on April 1, 2017 at 2:37 am

The ageing SS7 protocol has reached it’s end of life. Security experts around the world have criticised vulnerabilities a long time ago. SS7 even facilitated unsolicited surveillance attacks. What’s more, it has its own talks at the annual Chaos Communication Congress – which is a clear sign of fail if there is more than one presentation […]

The Sound of „Cyber“ of Zero Days in the Wild – don’t forget the Facts

Posted by on January 26, 2017 at 11:40 am

The information security world is full of buzzwords. This fact is partly due to the relationship with information technology. No trend goes without the right amount of acronyms and leetspeaktechnobabble. For many decades this was not a problem. A while ago the Internet entered mainstream. Everyone is online. The digital world is highly connected. Terms […]

Scanning for TR-069 is neither Cyber nor War

Posted by on November 30, 2016 at 10:53 pm

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

Disclosures, Jenkins, Conferences, and the Joys of 0Days

Posted by on November 17, 2016 at 1:37 pm

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. […]

Screening of “A Good American” in Vienna with Bill Binney

Posted by on November 9, 2016 at 11:05 am

There will be a screening of the documentary A Good American in Vienna tomorrow. We highly recommend watching this film, even if you are not directly connected to information security. Threat intelligence has far-reaching consequences, and in the case of the world’s biggest intelligence agency it also affects you. A Good American will be shown […]

Of Clouds & Cyber: A little Story about Wording in InfoSec

Posted by on September 5, 2016 at 5:15 pm

In case you ever received a message about our calls for papers, you may have noticed that we do not like the word cyber. Of course we know that it is used widely. Information security experts are divided if it should be used. Some do it, some reject it, some don’t know what to do […]

Information Warfare: “Breaking News” considered harmful

Posted by on August 31, 2016 at 4:13 pm

Eight years ago the stocks of UAL took a dive. Apparently a six year old news article resurfaced via Google. Googlebot, which is used to index news sites, confused one of the most popular web articles of The Sun-Sentinel with breaking news. The story contained the words United Airlines Files for Bankruptcy. Unfortunately a software […]