Internet

Mythbusting: Anti-Virus Research considered dangerous

Posted by on August 18, 2017 at 11:31 am

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer […]

Malicious Software explores new Business Models – Politics

Posted by on July 19, 2017 at 2:25 pm

Malicious software has become a major component of criminal business and geopolitics. In addition it is a convenient explanation for anything one does not want to investigate. Since code always come from somewhere you have to ask yourself many more questions when it comes to infected networks and compromised hosts. What is the agenda of […]

ROOTS 2017, DeepSec, and DeepINTEL Call for Papers are still open

Posted by on June 26, 2017 at 2:38 pm

Our wonderful world of technology is full of surprises, bugs, intentional weaknesses, adversaries, defenders, vendors, and users. Some software just got more lines of code instead of a decent audit or refactoring. Everything is turning smart, but no one knows what smart really means. Big Data is all the fashion, Big Knowledge still isn’t. So […]

Applied Crypto Hardening Project is looking for Help

Posted by on April 25, 2017 at 1:55 pm

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

Putting the Context into the Crypto of Secure Messengers

Posted by on January 21, 2017 at 9:15 am

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case for email Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys […]

Scanning for TR-069 is neither Cyber nor War

Posted by on November 30, 2016 at 10:53 pm

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Posted by on November 9, 2016 at 8:15 am

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis […]

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Posted by on November 3, 2016 at 3:45 pm

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

Posted by on November 3, 2016 at 9:05 am

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow […]

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

Posted by on October 31, 2016 at 1:40 am

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. […]

DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan

Posted by on October 19, 2016 at 8:01 am

Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare […]

DeepSec 2016 Talk: Where Should I Host My Malware? – Attila Marosi

Posted by on October 18, 2016 at 9:15 am

The growth of IoT devices continues to raise questions about their role and impact on cybersecurity. Badly or poorly configured devices are easy targets for malicious actors. At first glance launching an attack against IoT devices seems challenging due to the diversity of their ecosystem, but actually an attack is very easy to execute. In his talk Attila Marosi […]

DeepSec 2016 Talk: Unveiling Patchwork – Gadi Evron

Posted by on October 17, 2016 at 11:15 am

Nation state attacks are very popular – in the news and in reality. High gain, low profile, maximum damage. From the point of information security it is always very insightful to study the anatomy of these attacks once they are known. Looking at ways components fail, methods adversaries use for their own advantage, and thinking […]

DeepSec 2016 Talk: Exploiting First Hop Protocols to Own the Network – Paul Coggin

Posted by on October 16, 2016 at 1:37 pm

At DeepSec 2016 Paul Coggin will focus on how to exploit a network by targeting the various first hop protocols. Attack vectors for crafting custom packets as well as a few of the available tools for layer 2 network protocols exploitation will be covered. Paul will provide you with defensive mitigations and recommendations for adding secure […]

Smart Homes are the battlefield of the future – DeepSec Conference examines the Internet of Things

Posted by on October 14, 2016 at 1:37 pm

The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will […]