Archive for October, 2011

0zapftis revisited – 0ktoberfest for Security Researchers

October 11, 2011

The CCC analysis of the malicious software bought and used by the German government has put our blog schedule and RSS reading habits out of balance. Frankly, our necks hurt because we constantly shake our heads since the PDF of the analysis was published. We have talked to journalists who showed interest in the design […]

Posted in High Entropy, Odd

Talk: Identity X.0 – Securing the Insecure

October 10, 2011

Identities are important. You might already know this, but in the times of heavily meshed web applications and users moving between different web sites, keeping track of a client’s identity can be difficult. Moreover, it’s not just about identities but also about transporting account/user attributes by various protocols and standards between various applications. You might […]

Posted in Conference

Analysis of Governmental Malware

October 9, 2011

There is an ongoing discussion about the use of malicious software for criminal investigations. German and Austrian agencies use the term „Online-Durchsuchung“ (online search) or „Quellen-Telekommunikationsüberwachung“ (source telecommunications surveillance) for investigative measures that cover the source of telecommunication messages (which is usually a suspect’s computer or telephone). In context with malicious software used for this […]

Posted in Odd, Security, Stories

Talk: Human Factors Engineering for IT Security

October 7, 2011

Members of IT staff love acronyms such as RTFM, PEBKAC, PICNIC and ID-10T error. These will often be mentioned when human factors are playing a key role. If you dig deeper and analyse typical situations where human errors are involved, then you will have to deal with user interfaces (UIs) and technical documentation. It’s easy […]

Posted in Conference

Of Web Apps, Smartphones and Data Leaks

October 6, 2011

Just digging through the backlog of the past days. Someone shot me a quick link to a web site showing an administrative interface. I failed to see the significance right away, because the link was sent by chat with a URL obfuscator shortener. I now discovered the corresponding blog post to this issue. Coincidentally I […]

Posted in High Entropy

Talk: Armageddon Redux – The Changing Face of the Infocalypse

October 6, 2011

DeepSec has a tradition of holding a „night talk“. This is the last talk on the first day, just before the Speaker’s Dinner. Don’t let the expectation of good Austrian food fool you. Morgan Marquis-Boire will serve you an appetiser which may be hard to digest: Armageddon Redux. The talk is a follow-up on Morgan’s Fear, […]

Posted in Conference, High Entropy

Talk: Alerting, Reminding, Reminding, Reminding and Releasing Vulnerability

October 5, 2011

Some of you have first-hand experience with the discussions around full disclosure. Enumerating Bugtraq moderated by Aleph One, SecurityFocus and the full-disclosure mailing list is a heavily condensed view of the problem. The term full disclosure actually originates from the problems locksmiths had with weaknesses of locks. The discussion is over a hundred years old […]

Posted in Conference

Talk: Ground BeEF – Cutting, devouring and digesting the legs off a Browser

October 4, 2011

Web browsers have turned into industrial standard software. There’s no office, no company, no network, no client any more that does not use web browsers for at least one task. Any attacker can safely assume that browser software will be present in most target networks. Sadly browser security has not kept up with the spread […]

Posted in Conference

Talk: Patching Vehicle Insecurity

October 1, 2011

The good old car has turned into a high-tech computing device. Researchers of the Freie Universität Berlin have recently tested a car without a driver. Scientists sat in the back seat while the car travelled 80 km in total on roads through Berlin and Brandenburg. An advertisement of a car company proudly touts: The road […]

Posted in Conference