Internet

DeepSec 2016 Talk: 802.11 Complexity. An Introduction to 802.11 Protocol Chaos – Andrés Blanco

Posted by on September 20, 2016 at 6:15 pm

Do you remember the days of Wired Equivalent Privacy (WEP)? One might almost say security design was bad back then. The question is: Has it really improved? Proper encryption and authentication is only a part of the design. In the case of wireless networking there is a whole lot more to consider. Shooting clients off […]

DeepSec 2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Posted by on September 5, 2016 at 1:37 pm

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 are still […]

DeepSec 2016 Workshop: Hacking Web Applications – Case Studies of award-winning Bugs in Google, Yahoo!, Mozilla and more – Dawid Czagan

Posted by on September 2, 2016 at 9:01 am

Have you been to the pictures lately? If so, what’s the best way to attack an impenetrable digital fortress? Right, go for the graphical user interface! Or anything exposed to the World Wide Web. The history of web applications is riddled with bugs that enable attackers to do things they are not supposed to. We […]

The Internet of Threats revisited

Posted by on July 14, 2016 at 1:12 pm

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network hasn’t been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I […]

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

Posted by on March 2, 2016 at 8:15 am

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering […]

DeepSec Video: DDoS – Barbarians at the Gate(way)

Posted by on February 23, 2016 at 8:01 am

Unfortunately the Internet doesn’t follow the rules of economic theory. Unlimited growth is a myth best kept for feeding your unicorns. Of course, the Internet has grown, but the mathematics and physics behind network flows stay the same. If your pipe is full, then you are going nowhere. This is why Distributed Denial of Service […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Posted by on February 22, 2016 at 8:15 am

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: illusoryTLS – Nobody But Us. Impersonate, Tamper and Exploit

Posted by on February 15, 2016 at 9:15 am

Cryptographic backdoors are a timely topic often debated as a government matter to legislate on. At the same time, they define a space that some entities might have practically explored for intelligence purposes, regardless of the policy framework. The Web Public Key Infrastructure (PKI) we daily rely on provides an appealing target for attack. The […]

DeepSec Video: Measuring the TOR Network

Posted by on February 13, 2016 at 9:15 am

A lot of people use TOR for protecting themselves and others. Fortunately the TOR network is almost all around us. But what does it do? How can you get access to metrics? TOR is an anonymisation network and by design doesn’t know anything about its users. However, the question about the structure of the user […]

DeepSec Video: Hacking Cookies in Modern Web Applications and Browsers

Posted by on February 9, 2016 at 2:01 pm

Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications need to store these bits of information. Enter cookie hacking. A […]

DeepSec Video: Cryptography Tools, Identity Vectors for “Djihadists”

Posted by on February 5, 2016 at 8:35 am

Wherever and whenever terrorism, „cyber“, and cryptography (i.e. mathematics) meet, then there is a lot of confusion. The Crypto Wars 2.0 are raging as you read this article. Cryptography is usually the perfect scapegoat for a failure in intelligence. What about the facts? At DeepSec 2015 Julie Gommes talked about results of the studies done […]

DeepSec Video: Advanced SOHO Router Exploitation

Posted by on February 2, 2016 at 4:00 pm

Routers are everywhere. They hold the networks together, Internet or not. Most small office/home office (SOHO) infrastructure features routers these days. Given the development cycles and rigorous QA cycles there have to be bugs in the firmware (apart from the vendor supplied backdoors). Lyon Yang (Vantage Point Security) held a presentation about a series of […]

DeepSec Video: Cyber Cyber Cyber Warfare: Mistakes from the MoDs

Posted by on January 28, 2016 at 8:15 am

The word cyber entered the information security circus a couple of years ago. It should have been long gone according to its creator William Gibson. Meanwhile everything has developed into something being cyber – CSI, war, politics, security, homes, cars, telephones, and more. Inventing new words helps to distract. Distraction is what Raoul Chiesa […]

National-Security-in-the-Middle Attack – the Crypto Wars continue

Posted by on December 3, 2015 at 3:29 pm

National security has officially reached the SSL/TLS infrastructure – at least in Kazakhstan. The Google cache features an article published by the Kazakhtelecom JSC where the introduction of a so-called national security certificate for Internet users was proudly announced. We show you some parts of the original text for educational purposes, because we have never seen the announcement […]

Debugging Information Security: Self Defence for Entrepreneurs

Posted by on November 5, 2015 at 5:30 pm

In our economy data leaks are a constant companion. That’s the impression one gets when reading the news. Customer portals, online shops, digital communications, plans of products, personnel data, and more can be found in department stores throughout the shadow economy. Blind faith in global networks has indeed suffered in recent years, but companies and […]