A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about the security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions to this problem. Watch the video and listen to the interview. Video: Interview C. Patsakis Sicherheit in Autos (3:08) Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network. Video: Interview Harald
All of you who attended DeepSec 2011 know that we had a Wall of Sheep at the conference. We set it up by copying packets via the Netfilter TEE target from the router to the Wall of Sheep box (note to self: never ever mirror broadcast or multicast packets). We only displayed logins and the number of characters of the password, all data was processed and stored in RAM. The display was only accessible from the conference network. On the first day of the conference we did not announced the Wall, we only encouraged everyone to use secure protocols and not to use services that send sensitive data unprotected. We even set up posters and flyers warning to use the conference network (the reason were other events at the venue taking place in parallel).
We have some more articles for you. Apparently the talks of our speakers raised a few eyebrows. Most of the articles are in German. Dradio: Das sichere Auto ist ein Mythos Interview with Mariann Unterluggauer about impressions from DeepSec 2011 and the myth of automobile security. Dradio: Nur scheinbare Datensicherheit This is a second article published on the Deutschlandfunk web site features Duncan’s talk and bugs in security software. Ö1: Können Hacker Autos fernsteuern? „Can hackers remotely control cars?“ Well, given the current design and lack of security they probably will do so in time for DeepSec 2012. Ö1: Make Cyberpeace, not Cyberwar. Ein Bericht von der DeepSec The topic of cyber warfare is still hot. Wie Terroristen verschlüsseln – Digitale Spuren kaum verwischt The Neuer Zürcher Zeitung (NZZ) has a comment about Duncan’s
Since DeepSec 2011 has ended and we still want to have a chat with you, let’s meet at the party! It takes place at the Metalab, a local hacker space next to the town hall. We have music, we have stuff to drink, we got access to the Intertubes, we got lots of nice people, and even more reasons to have some fun! Don’t miss it!
The DeepSec 2011 has ended. We enjoyed meeting all of you and hope to have fulfilled our role as a catalyst. We had some great talks, great discussions, and shared thoughts, insights and different views concerning security and insecurity alike. We hope your professional paranoia doesn’t keep you from getting sleep. We will follow the press coverage in our blog and link to articles. Golem has produced video interviews which will be published soon. Our own video team will retreat to the rendering farm and post-process the raw video data. As soon as we have collected all slides from our speakers, we will put them to the archive (and publish the link). We thank all the speakers for the superb material they presented! Without talks there would be no DeepSec at all. We thank
The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for it. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available). Wie Terroristen verschlüsseln Duncan Campbell talks about encryption and compares it to the real world. There have been a lot of rumours about terrorist groups using modern encryption. The reality looks a bit different. Tools like PGP are around, but some groups still rely on substitution and transposition ciphers. Managing keys of modern cryptography and handling the tools isn’t as easy as changing clothes. Procedures, procedures, procedures, ask the auditors. Das Streben nach dem Cyber-Weltfrieden Stefan Schumacher illustrates the concept of cyber-peace described in his talk yesterday. Everyone invests
Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than you will ever be able process sensibly. This is the mindset that settles once they hear „IDS“ or „IPS“. We don’t think this view is still true. That’s why Victor Julien and Eric Leblond, Open Information Security Foundation, will talk about Advances in IDS and Suricata at DeepSec 2011. You have probably heard of Suricata, the next generation intrusion detection engine. Development of Suricata started in 2008 and war first released as stable in December 2009. Past DeepSec conferences featured
For all of you who frequently visits „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with a public Internet access (the CCC has a more complete list on their event web site). Secure your operating system (vendor and type doesn’t matter). Backup your data. Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology). Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN
While UK is preparing for war we’ll try something completely different at DeepSec 2011. We will talk about peace („cyber-peace“ to be exact). The ill-defined term cyber-war is haunting media, security communities, politics and the military for a while now. We already had talks about this at past DeepSec conferences. Cybersecurity is currently a big hype even in mainstream media like the Frankfurter Allgemeine Zeitung, The Guardian or The New Yorker. Exploits and Vulnerabilities like Stuxnet or the German Trojan Rootkit for Lawful Interception are discussed in prime time news. Hackers like the Chaos Computer Club offer technical advice to the German Parliament and the highest court, the Federal Constitutional Court. Due to the constant work of security experts, researchers and hackers (including some really cool media fnords and stints), the level of security
DeepSec 2011: Techniques de cryptage des cellules terroristes, espionnage GSM, piratage informatique
Du 15 au 18 novembre 2011, la cinquième édition de la conférence DeepSec réunira les plus grands spécialistes internationaux de la sécurité des réseaux et du piratage autour du thème de la sécurité informatique. Les principaux sujets abordés: techniques de cryptage des cellules terroristes, sécurité des systèmes de communication mobiles et de leurs utilisateurs et enfin, infrastructures de sécurité de la prochaine génération numérique. “Nous avons voulu, cette année encore, aborder des thématiques passionnantes et sujettes à controverse. Les sept workshops et les trente-quatre interventions de la conférence concernent directement ou indirectement une grande partie de la population” explique René Pfeiffer, organisateur du DeepSec. “C’est le cas notamment des tentatives de piratage constatées sur les réseaux GSM. C’est également le cas des problèmes de sécurité rencontrés sur IPv6 (Internet Protocol version 6), un protocole
If you believe that computer security is all about having the right tools and an expert staff, then you are mistaken. Never forget why you have computers in the first place – because of your business. Mikhail Utin will shed light on the corporate side of security by talking about laws, compliance and real life (full title of his talk is US experience – laws, compliance and real life – when everything seems right but does not work). While information security can be improved in a number of ways, one powerful approach is continually overlooked by security researchers. This approach constitutes a collective effort by masses of computer users, where each individual has a very limited understanding of information security and is frequently forced to improve security by various laws and regulations. Pressure coming from
Mobile phones have caught up on the malware side. Your phone can most probably now be infected by malicious software and be part of a botnet in the worst case. How do you analyse compromised devices? Do you have the right tools at hand? Maybe you don’t need any tools for you won’t find anything. Sheran A. Gunasekera explains in his talk Defeating BlackBerry Malware & Forensic Analysis at DeepSec 2011 how the forensic analysis of malware can be defeated. In the recent years, more prominence has been given to BlackBerry malware either in the wild or to commercially available kinds. Traditionally, using signature based malware scanners have been the way to detect and remove these malicious programs. Most smartphones can be fitted with anti-virus/-malware scanners these days. However Sheran will look at a different