Security

The Future of Entangled Security States – Quantum Computing Conference in Berlin

Posted by on May 25, 2017 at 9:30 am

Quantum computing is a fashionable term these days. Some IT news articles are talking about post-quantum cryptography, qbits, and more quantum stuff. If you don’t know how the terms relate to each other, what entangled states in quantum physics are, and what everything has to do with computing, then you will have a hard time […]

Biometrics and Failures in understanding Security – Copy & Paste Iris Scans

Posted by on May 23, 2017 at 4:51 pm

Biometrics has an irresistible attraction. Simply by mentioning the fact that you can measure parts (or surfaces) of the body and convert them to numbers a lot of people are impressed out of their mind. Literally. In theory biometric information serves as a second set of data to be used for any purposes. A common […]

Wannacry, Code Red, and „Cyber“ Warfare

Posted by on May 14, 2017 at 9:17 pm

Society and businesses increasingly rely on networked infrastructure. This is not news. Worms that used networks to spread to new hosts in order to infect them is also not news. Code Red did this back in 2001. There is a new worm going around. Its name is Wannacry, and it is allegedly based on published […]

DeepSec welcomes SEC Consult as Sponsor for 2017!

Posted by on May 12, 2017 at 7:45 am

Testing products, production code, security measures, or the overall security of infrastructure is hard work. The typical needs in term of information technology for a company or an organisation has become a variety of components that need to be maintained and hardened against attacks. The devil is in the details. In order to find critical […]

DeepSec welcomes Digital Guardian as Sponsor for 2017

Posted by on May 11, 2017 at 2:42 pm

No event can be done with supporters, and so we welcome Digital Guardian as sponsor for the upcoming DeepSec 2017 conference! If you have data in your organisation, then you might be interested in talking to Digital Guardian’s experts, because they know a lot about what data does, where it lives, what endpoints really are, […]

Putting the Science into Security – Infosec with Style

Posted by on January 27, 2017 at 9:00 am

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

Posted by on November 9, 2016 at 8:15 am

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously. Inseung Yang and his team collect mobile android malware via an automated analysis […]

DeepSec 2016 Keynote: Security in my Rear-View Mirror – Marcus J. Ranum

Posted by on November 8, 2016 at 5:30 pm

Everything that’s old is new again, and if you work in security long enough, you’ll see the same ideas re-invented and marketed as the new new thing. Or, you see solutions in search of a problem, dusted off and re-marketed in a new niche. At this year’s DeepSec conference the keynote will be given by Marcus Ranum, who set […]

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

Posted by on November 8, 2016 at 2:56 pm

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. […]

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

Posted by on November 4, 2016 at 8:35 am

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games? Worry no longer, […]

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Posted by on November 3, 2016 at 3:45 pm

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have […]

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Posted by on November 3, 2016 at 12:45 pm

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. […]

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

Posted by on November 3, 2016 at 9:05 am

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow […]

DeepSec 2016 Talk: Insider Threat: Profiling, Intent and Motivations of White Collar Offenders – Ulrike Hugl

Posted by on October 31, 2016 at 8:45 am

Malicious insider threat is not only a security- or technical-oriented issue, mainly it’s a behavioural one, says Prof. Ulrike Hugl. Insiders are so-called ‘trusted’ or privileged employees, very often with legitimate access to the organization’s systems, and they are hard to catch. Furthermore, it is difficult to find appropriate predictive factors and prevention and detection […]

DeepSec2016 Workshop: IoT Hacking: Linux Embedded, Bluetooth Smart, KNX Home Automation – Slawomir Jasek

Posted by on October 31, 2016 at 1:40 am

“The ongoing rise of the machines leaves no doubt – we have to face them”, says Slawomir Jasek, and adds: “It is hard not to agree with one of the greatest military strategists Sun Tzu: “If you know your enemies and know yourself, you will not be put at risk even in a hundred battles”. […]