Putting the Science into Security – Infosec with Style

Published on January 27, 2017 By lynx

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

FHOÖ supports DeepSec 2016 Conference!

Published on November 1, 2016 By lynx

We are glad to announce that the University of Applied Sciences Upper Austria supports the DeepSec 2016 conference! Their motto, "teaching and learning with pleasure – researching with curiosity", fits information security perfectly. Their courses cover more than just computer science. If you are interested in engineering, economics, management, media, communications, environment, or energy, […]

DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan

Published on October 19, 2016 By sanna

Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare […]

Firmware Threats – House of Keys

Published on September 10, 2016 By lynx

SEC Consult, our long-term supporter, has updated a report on the use of encryption keys in firmware. These hardcoded cryptographic secrets pose a serious threat to information security. The report features 50 different vendors and has some interesting statistics. The results were coordinated with CERT/CC in order to inform the vendors about the problem. The […]

DeepSec 2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Published on September 5, 2016 By sanna

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 are still […]

Intelligence on the Silver Screen: A Good American Kickstarter Campaign

Published on July 21, 2016 By lynx

Surveillance has a bad reputation. No one likes to be watched. Yet infosec researchers, sysadmins, and developers talk a lot about log files. We need to watch stuff for various reasons. You got your mail logs, diagnostic messages, performance metrics, network addresses, and more painstakingly sorted by timestamps and maybe geolocation. Log data is part […]

BSides London 2016 – Schedule

Published on June 4, 2016 By lynx

In case you haven’t noticed, the London BSides schedule is up. The Rookie track starts right with the most important part of information security – opsec. Behaviour is on a par with expensive security hardware and your favourite protection software. Wearables, video games, hidden data, malware mythbusting, and more follow next. The main schedule features […]

The Didactic Side of Information Security

Published on May 18, 2016 By lynx

Explaining complicated topics with a lot of dependencies is hard. Even the operation of devices such as computers, telephones, or cloud(ed) applications can’t be described in a few sentences. Well, you can, if you use the tried and true lie-to-children method coined by Jack Cohen and Ian Stewart. If you really want to dive into […]

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

Published on March 15, 2016 By lynx

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director […]

DeepSec Video: Remote Browser-Based Fingerprinting of Local Network Devices

Published on March 2, 2016 By lynx

Reconnaissance is first, then comes the attack. This is why fingerprinting devices is the first step. Manfred Kaiser (Josef Ressel Zentrum) explained at DeepSec 2015 how this can be done by the local web browser(s) in the locally connected network segment. Manfred discusses remote device fingerprinting techniques for SOHO routers and other network-connected devices offering […]

DeepSec Video: HORNET – High-speed Onion Routing at the Network Layer

Published on February 22, 2016 By lynx

Given that reconnaissance is the first step of a successful attack, anonymity has become more important than ever. The Invisible Internet Project (I2P) and the TOR project are prominent tools to protect against prying eyes (five or more). TOR is widely used. Users of anonymity services will notice that the price for extra protection is […]

DeepSec Video: Not so Smart – On Smart TV Apps

Published on February 18, 2016 By lynx

„Smart“ follows in the footsteps of „cyber“. Everything is smart nowadays. The problem is that using smart in this context just means a combination of „Turing complete“ and „connected to the Internet“. That’s it. This is a pretty low barrier for calling something „smart“. At DeepSec 2015 Markus Niemietz held a presentation about the state of […]

DeepSec Video: Extending a Legacy Platform Providing a Minimalistic, Secure Single-Sign-On-Library

Published on February 17, 2016 By lynx

Even if you are not running a mainframe you probably have some old applications which you still need and whose code you cannot lift into the present (technology-wise). This is something you need to address. Despite decades of security research and authentication standards there’s still a vast amount of systems with custom solutions and embedded […]

DeepSec Video: Measuring the TOR Network

Published on February 13, 2016 By lynx

A lot of people use TOR for protecting themselves and others. Fortunately the TOR network is almost all around us. But what does it do? How can you get access to metrics? TOR is an anonymisation network and by design doesn’t know anything about its users. However, the question about the structure of the user […]

DeepSec Video: How to Break XML Encryption – Automatically

Published on February 10, 2016 By lynx

XML is often the way to go when exchanging information between (business) entities. Since it is older than the widespread adoption of SSL/TLS, there is a special standard called XML Encryption Syntax and Processing. You can use XML encryption to encrypt any kind of data. So far, so good. But in recent years, XML Encryption […]