Tag Archive

Putting the Context into the Crypto of Secure Messengers

Published on January 21, 2017 By lynx

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case of email, Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys […]

DeepSec2016 Talk: Security and Privacy in the Current E-Mobility Charging Infrastructure – Achim Friedland

Published on October 15, 2016 By sanna

All of information technology depends strongly on electric power. Your servers will turn into expensive door stoppers once the power goes out. The same is true for your mobile devices and the hardware you use to get around. Hence there are efforts to extend the power grid to accommodate the demand of new and emerging […]

DeepSec Video: File Format Fuzzing in Android – Giving a Stagefright to the Android Installer

Published on February 6, 2016 By lynx

The Stagefright exploit haunts the Android platform. The vulnerability was published in Summer 2015. It gives attackers a way to infect Android smartphones by using multimedia files such as pictures, text, and videos. This is a perfect vector since most people will look at media instantly. Dr. Aleksandr Yampolskiy gave a presentation at DeepSec 2010 […]

DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky

Published on November 4, 2015 By sanna

Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threat you have to worry about […]

Security of Things – Dead Horses just get beaten with the Internet

Published on July 27, 2015 By lynx

What do NoSQL databases and cars have in common? You can find and freely access them by using the trusty Internet. Wired magazine has published a story about a remotely controlled Jeep Cherokee. Charlie Miller and Chris Valasek have found a way to use the properties of UConnect™ combined with (design) flaws to take full […]

Encrypted Messaging, Secure by Design – RedPhone and TextSecure for iOS

Published on February 2, 2015 By lynx

Encrypted communication is periodically in the news. A few weeks ago politicians asked companies and individuals all over the world to break the design of all secure communication. Demanding less security in an age where digital threats are increasing is a tremendously bad idea. Cryptographic algorithms are a basic component of information security. Encryption is […]

Encryption – A brand new „Feature“ for Cars

Published on February 2, 2015 By lynx

At DeepSec 2011 Constantinos Patsakis and Kleanthis Dellios held a presentation titled “Patching Vehicle Insecurities”. They pointed out that the car is starting to resemble a computer with mechanical peripherals (in case you haven’t seen their talk, please do!). This is true for all types, not only the modern cars powered by electricity alone. […]

DeepSec 2013 Video: Using Memory, Filesystems And Runtime To App Pen iOS And Android

Published on February 26, 2014 By lynx

Your iOS or Android smartphone can do a lot. „There’s an app for that!“ is also true for information security. So what can you do? We have seen smartphones used as an attack platform for penetration testing. You can use them for wardriving, and, of course, for running malicious software (next to „normal“ software which […]

DeepSec 2013 Video: Bypassing Security Controls With Mobile Devices

Published on February 11, 2014 By lynx

Controls blocking the flow of data are an important defensive tool. Usually you need to enforce your organisation’s set of permissions. There are even fancy gadgets available to help you cope with data loss in terms of unauthorised access. This only works in controlled environments. Fortunately the modern IT policy allows intruders to […]

DeepSec 2013 Video: Uncovering your Trails – Privacy Issues of Bluetooth Devices

Published on February 3, 2014 By lynx

Devices with Bluetooth capabilities are all around us. We have all gotten used to it. Smartphones, laptops, entertainment electronics, gaming equipment, cars, headsets and many more systems are capable of using Bluetooth. Where security is concerned, Bluetooth was subject to hacking and security analysis right from the start. Bluedriving, Bluejacking, cracking PIN codes, and doing […]

DeepSec 2013 Video: Cracking Open “Secure” Android Containers

Published on January 19, 2014 By lynx

Cell phones, especially the smart ones, become more and more part of your company’s infrastructure. These devices accumulate software (a.k.a. „apps“), authentication tokens, passwords, and a lot of data worthy of protection. While smartphone systems have their own protection mechanisms, not every one of them might work reliably. Chris John Riley explains in his presentation […]

DeepSec 2013 Talk: Bypassing Security Controls With Mobile Devices

Published on November 15, 2013 By lynx

How do you counter threats emerging from a new trend? Well, standard practice is to buy a new appliance, add-on, or similar magic trick. People do this currently with the trend of Bring Your Own Device (BYOD). Once you say yes to BYOD, you just gave Santa Claus (or your chief financial officer) more options […]

DeepSec 2013 Talk: Building The First Android IDS On Network Level

Published on November 13, 2013 By lynx

Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions […]

DeepSec 2013 Talk: Mobile Fail: Cracking Open “Secure” Android Containers

Published on November 8, 2013 By lynx

Over the last few years the desire to have information at our fingertips whenever and wherever we want has driven us more and more towards mobile devices. The convenience of having our email, files and access codes available to us on our smartphones or tablets has given rise to a new problem… that of securing […]

DeepSec 2013 Workshop: Attacks On GSM Networks

Published on October 4, 2013 By lynx

Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like; the cell service is already there. In addition, mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s […]