Tag Archive

DeepSec Video: HackingTeam – How They Infected Your Android Device By 0days

Published on February 20, 2016 By lynx

Backdoors are very popular these days. Not only cybercrime likes extra access, governments like it too. There’s even a lucrative market for insecurity. You can buy everything your IT team defends against legally. Hacking Team is/was one of the companies supplying 0days along with intrusive software to take over client systems. Attila Marosi explained at […]

DeepSec Video: A Death in Athens – The inherent Vulnerability of “Lawful Intercept” Programs

Published on January 20, 2016 By lynx

In politics it is en vogue to create new words by connecting them. The words „cyber“ and „lawful“ come to mind. You can add „crime“ and „intercept(ion)“, and then you got something. Actually you can combine both of the latter words with the first two. Either combination makes sense if you take a look at […]

Debugging Information Security: Self Defence for Entrepreneurs

Published on November 5, 2015 By sanna

In our economy data leaks are a constant companion. That’s the impression one gets when reading the news. Customer portals, online shops, digital communications, plans of products, personnel data, and more can be found in department stores throughout the shadow economy. Blind faith in global networks has indeed suffered in recent years, but companies and […]

Special Screening of the Documentary “A Good American” during DeepSec 2015

Published on October 28, 2015 By lynx

Attendees of DeepSec 2015 will receive a special treat. We have been talking to Friedrich Moser, and he has agreed to show his documentary „A Good American“ on 20 November 2015 exclusively. The private screening will take place in Vienna. It starts at 2100 at the Burg Kino, known for showing „The Third Man“. „A […]

DeepSec 2015 Keynote: Can Societies manage the SIGINT Monster?

Published on October 27, 2015 By lynx

Gathering data has become very important in the past years. Everyone is talking about intelligence of all shades, few know what it actually means and how you do it properly (we got a workshop for that, if you are interested). Information security needs to anticipate threats and adapt the defences accordingly. The same is true […]

DeepSec 2015 Talk: A Death in Athens: The inherent Vulnerability of “lawful Intercept” Programs, and Why all Government authorized Backdoors are very dangerous – James Bamford

Published on October 22, 2015 By sanna

Some of you might remember the „Athens Affair“. In 2005 Ericsson found backdoors in the lawful interception systems of Vodafone Greece. The software on these modules was altered to successfully wiretap phone numbers without detection. When one of the tapped phones made or received a phone call, the exchange, or switch, sent a duplication of […]

Digital Naval Warfare – European Safe Harbor Decree has been invalidated

Published on October 8, 2015 By lynx

The global cargo traffic on the Internet needs to revise its routes. The Court of Justice of the European Union has declared the so-called „Safe Harbor“ agreement between the European Commission (EC) and US-American companies as invalid. The agreement was a workaround to export the EU Directive 95/46/EC on the protection of personal data to […]

I spy with my little Spy, something beginning with „Anti…“

Published on June 27, 2015 By lynx

Anti-virus software developers made the news recently. The Intercept published an article describing details of what vendors were targeted and what information might be useful for attackers. Obtaining data, no matter how, has its place in the news since 2013 when the NSA documents went public. The current case is no surprise. This statement is not […]

DeepINTEL 2015 – How to deal with (Industrial) Espionage

Published on May 15, 2015 By lynx

The DeepINTEL event in September will have a strong focus on a specific kind of intelligence. We will address the issue of espionage. Given the headlines of the past six months it is clear that companies are subject to spying. There is no need for euphemisms any more. Even with half of the information published […]

DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

Published on September 24, 2014 By lynx

Backdoors are devious. Usually you have to look for them since someone has hidden or „forgotten“ them. Plus backdoors are very fashionable these days. You should definitely get one or more. Software is (very) easy to inspect for any rear entrances. Even if you don’t have access to the source code, you can deconstruct the […]

IT Security without Borders

Published on May 27, 2014 By lynx

U.S. government officials are considering to prevent Chinese nationals from attending hacking and IT security conferences by denying visas. The ideas is „to curb Chinese cyber espionage“. While this initiative has been widely criticised and the measure is very easy to circumvent, it doesn’t come as a surprise. Recent years have shown that hacking has […]

DeepSec 2013 Talk: Prism Break – The Value Of Online Identities

Published on November 1, 2013 By lynx

We all have identities. We use them on a daily basis in our off-line world. Colleagues greet us at work, because they know who we are. Of course our family members know who we are. When it comes to the digital life-style our identity becomes a lot more complex and diverse. Web shops know what […]

Crypto Wars by Black Boxes and Standards

Published on September 15, 2013 By lynx

Intelligence services go after cryptography. That’s the news you have probably read in the past weeks. That’s no surprise. They have been doing this for centuries. If your job is to intercept and analyse communication, then cryptography gets in your way (provided the target uses it properly). Intelligence services have been dealing with creating and […]

„Cyber Cyber Cyber“ revisited – Information Warfare

Published on July 5, 2013 By lynx

So far we haven’t commented on the ongoing season of the Game of Spooks miniseries. We wait for the break after the last episode – provided there is one. However we have written about information warfare and espionage in this blog. Enter secrets. During DeepSec 2012 the concept of „cyber war“ was heavily explored. Eventually […]

It’s the Smart Meters that matter – or is it?

Published on March 18, 2012 By lynx

Wired’s Danger Room has an article about how ubiquitous computing and smart homes are eagerly awaited by the CIA to turn your networked environment into a gigantic spy tool. CIA Director David Petraeus very much likes the „Internet of things” as an information gathering tool. Security researchers can’t wait, too. However they have a very […]