Internet

DeepSec2016 Talk: The (In)Security or Sad State of Online Newspapers – Ashar Javed

Posted by on October 8, 2016 at 9:30 am

Web sites are simple, one might think. The client requests a page, the server sends it, the layout is applied, and your article appears. This is a heavy simplification. It worked like this back in 1994. Modern web sites are much more complex. And complexity attracts curious minds. Usually that’s what gets you into trouble. […]

DeepSec2016 Talk: Behavioral Analysis from DNS and Network Traffic – Josh Pyorre

Posted by on October 4, 2016 at 1:12 pm

What’s in a name? A rose? The preparation for an attack? Or simply the next web page you will be looking at? The Domain Name System (DNS) has come a long way from replacing text lists of hosts to a full directory service transporting all kinds of queries. DNS even features a security protocol for […]

DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

Posted by on September 20, 2016 at 6:15 pm

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication are only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off […]

DeepSec 2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Posted by on September 5, 2016 at 1:37 pm

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 are still […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Posted by on September 2, 2016 at 9:01 am

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

The Internet of Threats revisited

Posted by on July 14, 2016 at 1:12 pm

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network has never been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I […]

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

Posted by on March 2, 2016 at 8:15 am

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering […]

DeepSec Video: DDoS – Barbarians at the Gate(way)

Posted by on February 23, 2016 at 8:01 am

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Posted by on February 22, 2016 at 8:15 am

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: illusoryTLS – Nobody But Us. Impersonate, Tamper and Exploit

Posted by on February 15, 2016 at 9:15 am

Cryptographic backdoors are a timely topic often debated as a government matter to legislate on. At the same time, they define a space that some entities might have practically explored for intelligence purposes, regardless of the policy framework. The Web Public Key Infrastructure (PKI) we daily rely on provides an appealing target for attack. The […]

DeepSec Video: Measuring the TOR Network

Posted by on February 13, 2016 at 9:15 am

A lot of people use TOR for protecting themselves and others. Fortunately the TOR network is almost all around us. But what does it do? How can you get access to metrics? TOR is an anonymisation network and by design doesn’t know anything about its users. However, the question about the structure of the user […]

DeepSec Video: Hacking Cookies in Modern Web Applications and Browsers

Posted by on February 9, 2016 at 2:01 pm

Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications need to store these bits of information. Enter cookie hacking. A […]

DeepSec Video: Cryptography Tools, Identity Vectors for “Djihadists”

Posted by on February 5, 2016 at 8:35 am

Wherever and whenever terrorism, “cyber”, and cryptography (i.e. mathematics) meet, there is a lot of confusion. The Crypto Wars 2.0 are raging as you read this article. Cryptography is usually the perfect scapegoat for a failure in intelligence. What about the facts? At DeepSec 2015 Julie Gommes talked about results of the studies done […]

DeepSec Video: Advanced SOHO Router Exploitation

Posted by on February 2, 2016 at 4:00 pm

Routers are everywhere. They hold the networks together, Internet or not. Most small office/home office (SOHO) infrastructure features routers these days. Given the development cycles and rigorous QA cycles there have to be bugs in the firmware (apart from the vendor-supplied backdoors). Lyon Yang (Vantage Point Security) held a presentation about a series of […]

DeepSec Video: Cyber Cyber Cyber Warfare: Mistakes from the MoDs

Posted by on January 28, 2016 at 8:15 am

The word cyber entered the information security circus a couple of years ago. It should have been long gone according to its creator William Gibson. Meanwhile everything has developed into something being cyber – CSI, war, politics, security, homes, cars, telephones, and more. Inventing new words helps to distract. Distraction is what Raoul Chiesa […]