Tag Archive

Endangered Species: Full Disclosure in Information Security

Published on November 6, 2015 By sanna

History, fictive or real, is full of situations where doubts meet claims. Nearly every invention, every product will be eyed critically, analysed, and tested. There are even whole magazines fully dedicated to this sport, be it, for example, consumer protection, reviews of computer games or the car of the year. When it comes to testing […]

DeepSec 2015 Keynote: Can Societies manage the SIGINT Monster?

Published on October 27, 2015 By lynx

Gathering data has become very important in the past years. Everyone is talking about intelligence of all shades, few know what it actually means and how you do it properly (we got a workshop for that, if you are interested). Information security needs to anticipate threats and adapt the defences accordingly. The same is true […]

Digital Naval Warfare – European Safe Harbor Decree has been invalidated

Published on October 8, 2015 By lynx

The global cargo traffic on the Internet needs to revise its routes. The Court of Justice of the European Union has declared the so-called „Safe Harbor“ agreement between the European Commission (EC) and US-American companies as invalid. The agreement was a workaround to export the EU Directive 95/46/EC on the protection of personal data to […]

DeepINTEL 2015 – How to deal with (Industrial) Espionage

Published on May 15, 2015 By lynx

The DeepINTEL event in September will have a strong focus on a specific kind of intelligence. We will address the issue of espionage. Given the headlines of the past six months it is clear that companies are subject to spying. There is no need for euphemisms any more. Even with half of the information published […]

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Published on October 29, 2014 By sanna

„The only advice I might give to everyone who is responsible for information security is that it is never about a tool or a methodology“, says Vlado Luknar. The never-ending quest for the “best” tool or methodology is a futile exercise. In the end it is you, the security specialist, who adds the most value […]

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Published on September 10, 2014 By lynx

All good defences start with some good ideas. This is also true for information security. DeepSec 2014 features a presentation by Vlado Luknar who will give you decent hints and a guideline on how to approach the dreaded risk assessment with readily available tools. We have kindly asked Vlado to give you a detailed teaser […]

DeepSec 2013 Video: Future Banking And Financial Attacks

Published on February 24, 2014 By lynx

Predicting the future is very hard when it comes to information technology. However in terms of security analysis it is vital to keep your head up and try to anticipate what attackers might try next. You have to be as creative as your adversaries when designing a good defence. This is why we invited Konstantinos […]

DeepSec 2013 Video: Risk Assessment For External Vendors

Published on February 19, 2014 By lynx

CIOs don’t like words like „third party“ and „external vendor“. Essentially this means „we have to exchange data and possibly code with organisations that handle security differently“. Since all attackers go for the seams between objects, this is where you have to be very careful. The fun really starts once you have to deal with […]

DeepSec 2013 Talk: Future Banking And Financial Attacks

Published on November 7, 2013 By lynx

Hey, you! Want to know a secret? Your adversaries are after money. Taking the „cyber shoot-outs“ of governments aside, no sophisticated attack happens without economic benefits. Attackers don’t care where the money comes from. However, they care about efficiency. They do not compromise web server after web server to hope for some loot which can […]

DeepSec 2013 Talk: Risk Assessment For External Vendors

Published on November 6, 2013 By lynx

No man is an island. If this is true for every single one of us, then it is also true for companies. Modern enterprises have business to business (B2B) relations. They are at the centre of a network of suppliers and other vendors. Information flows between the players since they need to exchange data. What […]

DeepSec 2013 Workshop: Developing and Using Cybersecurity Threat Intelligence

Published on September 26, 2013 By lynx

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly known as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just […]

Zombies at the Hospital

Published on October 31, 2012 By lynx

It’s 31 October, so we have to talk about these zombies. You know them from the horror films. Dead, evil, and always hungry for brains (the latter also being true for any self-respecting HR department). Security researchers know a different kind of zombie. A zombie computer is a machine or device infected by a computer […]

DeepSec 2012 Workshop: Strategic Thinking and Assessing Risk

Published on September 24, 2012 By lynx

We have begun to address the increasing demand for strategic thinking by staging the first DeepINTEL event in 2012. Since we strongly believe in the importance of the „big picture“, we offer a workshop on strategic thinking and assessing risk at DeepSec 2012, too. The training will be conducted by Richard Hanson, who has a […]

Take-Away Security Tools Probably Aren’t

Published on August 27, 2012 By lynx

You have probably read one of the many reviews of security tools published in the depths of the Internet. A lot of magazines feature articles with the headline „Top n Tools for $TASK“. While reviews are a nice way of being introduced to new things, especially tools and software, you have to be careful when […]

BYOD Madness

Published on May 7, 2012 By lynx

When it comes to computing we all like convenience, just like in other areas of personal or business life. It’s nice to use familiar tools. Provisioning is much easier for your IT department if your users bring their own hardware. So, let’s sprinkle this idyllic setting with some security in terms of malware protection, data […]