Stories

DeepSec 2013 Video: Top 10 Security Mistakes In Software (Development)

Posted by on February 8, 2014 at 8:23 am

Everybody makes mistakes. It’s no surprise that this statement applies to software development, too. When you deal with information security it is easy to play the blame game and say that the application developers must take care to avoid making mistakes. But how does software development work? What are the processes? What can go wrong? […]

DeepSec 2013 Video: Trusted Friend Attack – (When) Guardian Angels Strike

Posted by on February 6, 2014 at 8:23 am

We live in a culture where everybody can have thousands of friends. Social media can catapult your online presence into celebrity status. While your circle of true friends may be smaller than your browser might suggest, there is one thing that plays a crucial role when it comes to social interaction: trust. Did you ever […]

DeepSec 2013 Video: Auditing Virtual Appliances – An Untapped Source Of 0-days

Posted by on February 5, 2014 at 8:23 am

Appliances are being sold and used as security devices. The good thing about these gadgets is an improvement of your security (usually, YMMV as the Usenet folks used to write). The bad thing about inserting an unknown amount of code into your defence system are the yet to be discovered flaws in its logic. In […]

DeepSec 2013 Talk: Supply Chain – The Exposed Flank

Posted by on November 15, 2013 at 2:24 pm

Securing your own perimeter is the prime task IT security teams are worried about. However there is Murphy’s Law of Firewalls, too. Given a sufficient amount of time, business requirements will pierce a lot of holes in your firewall and your defences. Once you work with suppliers, you will have to deal with their perimeters […]

DeepSec 2013 Talk: Risk Assessment For External Vendors

Posted by on November 6, 2013 at 8:23 am

No man is an island. If this is true for every single one of us, then it is also true for companies. Modern enterprises have business to business (B2B) relations. They are at the centre of a network of suppliers and other vendors. Information flows between the players since they need to exchange data. What […]

DeepSec 2013 Talk: Trusted Friend Attack – Guardian Angels Strike

Posted by on November 5, 2013 at 9:23 am

Have you ever forgotten a password? It’s a safe bet to assume a yes. Sometimes we forget things. When it comes to logins there is usually a procedure to restore access and change the forgotten password to a known new one. This Forgot Your Password functionality is built into many applications. The mechanism is to […]

DeepSec 2013 Talk: Easy Ways To Bypass Anti-Virus Systems

Posted by on October 31, 2013 at 7:22 pm

The Joys of Detecting Malicious Software Malicious software is all around us. It permeates the Internet by riding on data transmissions. Once you communicate, you risk getting in touch with malware (another name for malicious software). This is why every single one of us, be it individual, company or organisation, runs anti-virus software. The idea […]

DeepSec 2013 Workshop: Hands On Exploit Development (Part 2)

Posted by on October 21, 2013 at 1:55 am

Unless you buy ready-made exploits or do security research (you know, the tedious task of testing systems and code, findings bugs and assessing their impact) you may wonder where they come from. To show you how to exploit a vulnerability and how to get to an exploit, we have asked Georgia Weidman for an example. […]

DeepSec 2013 Talk: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

Posted by on October 19, 2013 at 12:38 pm

The SANS Institute offers the article The History and Evolution of Intrusion Detection in its Reading Room. The article was published in 2001. It starts with the phrase „during the past five years…“. We now have 2013. Why is it important to examine the history of a technology which certainly is well established and widely deployed […]

Alien Technology in our Datacenters

Posted by on November 5, 2012 at 9:20 pm

Sometimes when I watch administrators at work, especially when I start to ask questions, I get an uneasy feeling: “this is not right”. As it turns out many of the people who maintain, manage and configure IT or communication equipment don’t understand the technology they are using. At least not in depth. Mostly they have […]

Wireless (Wi-Fi) Security Interview

Posted by on August 20, 2012 at 8:57 pm

Today we had a visit from an Austrian television crew to answer some short questions about wireless security. It’s too bad that journalists always look for „hackers“ who „hack something“. While we had no idea what they were talking about, we delivered a short summary of wireless security. For most of you this is old […]

What is a Hacker Tool and how do you ban it?

Posted by on April 25, 2012 at 11:37 am

What exactly is a hacker tool? The answer to this question depends on who you ask. To McGyver it would probably everything, to a hacker it would be any suitable tool and to a politician it would be anything that cannot be easily understood. The English Wikipedia has no entry on hacker tool. So what […]

Let’s talk about War

Posted by on April 17, 2012 at 12:55 pm

Extreme situations, entropy eruptions and unforeseen problems caused by complex interactions between a plethora of components are prime story material. You can use it in (science) fiction, you can use for breaking news, you can use it for scaring your children, you can use it for advertising and you can use it when talking about […]

Simple Questions, Security Design, Details and Assumptions

Posted by on April 3, 2012 at 12:23 am

A few days ago we received a call from a journalist who was researching for an article about a system about parking place management. Motorists have a hard time finding a place to park in busy urban areas. This is why Austrian researchers thought of fitting street lamps with cameras that monitor parking areas. The […]

DeepSec 365 Conference Track and Disinformation

Posted by on April 2, 2012 at 3:42 am

We admit. We could not resist. Bazinga! Writing articles to be published on 1 April is fun, and you probably should not read any news on this day (or blog articles or anything, don’t even talk to people until 2 April). If you consider the disinformation practised on All Fools’ Day and connect it to […]