Press Conference – Impressions and Links

René Pfeiffer/ November 27, 2010/ Press

We’ve got some news from yesterday’s press conference with Ivan Ristić (Qualys), Sharon Conheady (First Defence Information Security Ltd.) and Harald Welte (hmw-consulting) followed by a seven interviews with speakers was a great success. The spirit of DeepSec – bringing people (security experts and journalists in this case) together to talk to each other – was felt every second. Here are the first links to coverage in German media: “Unverschlüsselte Internet-Kommunikation ist fahrlässig” Deepsec 2010: Sicherheitskonferenz im Zeichen mobiler Systeme DeepSec: Faktor Mensch als Sicherheitslücke DeepSec 2010: Interview mit Sharon Conheady zum Thema Social Engineering Krieg von der Couch

The workshops have started!

René Pfeiffer/ November 23, 2010/ Administrivia

We’re near the end of the first day of workshops. We got a smooth start and the mood is great. Wi-Fi is up and running, we got a radio uplink with 32 MBit/s in both directions.¹ The GSM guys have their demonstration set-up up and running. We suspect the social engineering goes well (we can’t tell, we only see smiling faces and awfully nice persons in there). Our ISP enabled Marc to set-up the 6to4 tunnel for the IPv6 security/pentesting workshop. Mariano teaches his class how to determine if their (or your) business-critical SAP implementation is secure. If you are a really late booker, we still accept registrations for the conference, either by our online ticketing service or by ¹ When on site, look for ESSIDs DeepSec2010, DeepSec2010a, DeepSec2010g and DeepSec2010N (no encryption, bring

Read More

DeepSec: Mobile Radio Networks as Targets for Virtual Warfare

René Pfeiffer/ November 20, 2010/ Press

Vienna – The times when a mobile phone was used solely to make calls are long gone, now it’s all about making pictures and surfing the Internet. The groundbreaking success of the iPhone is just one example for the fact that mobile phones have long since outgrown their original use. Youths and adults use them every day  to get information about recent news, the weather or navigation for a future trip with the car. Having the new all-purpose information device by the hand has become a habit. But what happens if criminals or assassins attack the mobile phone network? Cyber War: Public Life in the Crosshairs “The GSM radio network is used by more than 200 countries and holds many spectacular flaws which we want to illustrate.”, explains René Pfeiffer, organiser of the international

Read More

Schedule is stable

René Pfeiffer/ November 19, 2010/ Schedule

The schedule of DeepSec 2010 has been declared stable¹. Unfortunately three speakers had to cancel their presence because of unforeseen reasons. We have managed to fill the slots, so that we have a full schedule and lots of issues to think about. The schedule on the web will now be frozen for print. Any further changes will always be reflected on our web site. We’re looking forward to see you all! ¹ We thought it would be a good idea since declaring code stable is common in software development. ☺

DeepSec: Vacance 2.0 – Risque accru de cambriolage lié aux annonces de départ en vacance sur les réseaux sociaux.

René Pfeiffer/ November 17, 2010/ Press

La conférence sur la sécurité informatique met en garde contre les risques liés aux notifications de départ. Au début des vacances de la Toussaint, beaucoup d’allemands ont parlé de leur projet de voyage sur internet , sans se rendre compte du danger d’une telle annonce. Les risques s’accentuent encore avec l’arrivée du nouveau service de localisation «facebook lieux». Les utilisateurs y indiquent, au moyen de leurs portables, le lieu où ils sont afin de tenir leurs contacts au courant. «Au moment des vacances, beaucoup d’entre eux se laissent aller à poster sur un blog, sur twitter ou Facebook. Révéler son lieu de vacance, par exemple sur Facebook Lieux, augmente d’autant les risques d’effraction chez soi» explique René Pfeiffer, organisateur de la conférence DeepSec qui aura lieu du 23 au 26 novembre 2010 à Vienne.

Read More

A Brief History of GSM A5/2 and 2G/3G Security

René Pfeiffer/ November 15, 2010/ Stories

MiKa and me shared some knowledge about the design flaws and the state of security in 2G/3G networks. The idea was to present an overview. Those networks have been shrouded in NDAs for too long. It is good to see that this is changing. Given the fact that millions of people use this technology on a daily basis, there should have been more publications and a deeper analysis many years ago. GSM features four A5 encryption algorithms. They are called A5/0, A5/1, A5/2 and A5/3. A5/0 is basically plaintext, because no encryption is used. A5/1 is the original A5 algorithm used in Europe. A5/2 is a weaker encryption algorithm created for export (the weakness is a design feature). A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project. The

Read More

Conférence DeepSec: Focus sur la situation précaire de la sécurité du réseau mondial de téléphonie mobile.

René Pfeiffer/ November 12, 2010/ Press

33 interventions et 8 workshops par des experts internationaux en sécurité informatique. La conférence internationale DeepSec sur la sécurité rassemblera à Vienne, du 23 au 26 novembre 2010, l’élite mondiale dans le domaine de la sécurité des réseaux et du hacking. Cette année, l’accent sera porté sur la sécurité des systèmes mobiles et de leurs utilisateurs ainsi que sur l’infrastructure de la prochaine génération. Les sociétés d’informatique et de sécurité, les usagers, les responsables d’administrations, les chercheurs, la communauté hacker se verront à nouveau offrir la chance de participer à une programmation abondante comprenant 33 interventions et 8 workshops. «Nous sommes très heureux de permettre à tant d’experts d’échanger, pour la quatrième fois, leurs expériences et leurs idées autour du thème essentiel de la sécurité des technologies de l’information» nous explique René Pfeiffer, organisateur

Read More