Hacking Transportation Devices – 0wning Cars!

René Pfeiffer/ March 17, 2011/ Security, Stories

Last summer we published a short article about an experimental study of modern car sensor systems and their security. Researchers took a modern car, connected to the internal data bus and tried to do some hacking. They were able to manipulate on-board systems up to controlling the brakes and the engine. The study shows that once you have access to the (internal) network, you can do things that were most probably never anticipated by the designers. Arguably the risk of this kind of attack is rather low – for now. However, if you think about the Internet, software working in networked environments or the plethora of devices that can be connected to computers, then the number of attack vectors increases. This is not breaking news. You can see this trend in the wonderful world


Reminder: Mind2Mind Event I/2011 – „Wir werden Sie belauschen!“

René Pfeiffer/ March 16, 2011/ Communication, Veranstaltung

This is a short reminder of our local Mind2Mind event about the technological means of espionage in companies and organisations. The talk will be held by Wolfgang K. Meister of VOXCOM (and will be in German). Mr. Meister will address eavesdropping devices, microphones, attacks on telephone communication (VoIP, ISDN, analogue, 2G/3G), peculiarities of mobile phone networks and attacks on Internet communication, local computer systems and IT infrastructure. He will also discuss countermeasures.

This is a short reminder of our local Mind2Mind event „Wir werden Sie belauschen!“, which examines the technology of espionage and eavesdropping attacks on companies and organisations. The evening talk by Mr. Wolfgang K. Meister of VOXCOM deals with bugs, microphones, the recording of structure-borne sound, radio, attacks on telephones (VoIP, ISDN, analogue, 2G/3G), peculiarities of mobile phone networks and attacks on ICT


DeepSec 2011 – Call for Papers out soon

René Pfeiffer/ March 14, 2011/ Administrivia, Conference

We’re currently working on the Call for Papers for DeepSec 2011. The conference will take place from 15 to 18 November 2011, so you might want to save this date and mark it in your calendar. Mobile gadgets, the wonderful world of app stores filled with mal- and software, infrastructure and information war(rez)fare are top of the list of Things To Watch Out For™. We will sum up what we’re after in the CfP published on our new web site.

Rare Catastrophic Events and Infrastructure

René Pfeiffer/ March 12, 2011/ High Entropy

Most security administrators have to deal with risks and their management. If you read the news, then you will hear about lots of things that can go wrong for a multitude of reasons. A common tactic to get the required budget for securing infrastructure is to collect some horror stories and present them to management. Basically this is a polite form of blackmail. It might work, but there’s already enough fear and uncertainty spread through various media channels and word of mouth (or both). Now if you’re really interested in more stories about the End of your Data Days, why not go for earthquakes and global warming? Asteroids will do fine, too. But seriously, there are some real thoughts behind this idea. The Internet is not strongly bound by geographical boundaries. The data of most
