0702, 2014

DeepSec 2013 Video: Malware Datamining And Attribution

René Pfeiffer/ February 7, 2014/ Conference, Security

Popular culture totally loves forensics (judging by the number of TV shows revolving around the topic). When it comes to software a detailed analysis can be very insightful. Most malicious software isn’t written from scratch. Some components are being reused, some are slightly modified (to get past the pesky anti-virus filters). This means that (your) malware has distinct features which can be used for attribution and further analysis. In his talk at DeepSec 2013 Michael Boman explained what you do with malicious software in order to extract information about its origins. Use the traces of its authors to attribute malware to a a individual or a group of individuals. It gives you an idea about the threats you are exposed to and is a good supplement to your risk assessment.

0602, 2014

DeepSec 2013 Video: Trusted Friend Attack – (When) Guardian Angels Strike

René Pfeiffer/ February 6, 2014/ Conference, Internet, Security, Stories

We live in a culture where everybody can have thousands of friends. Social media can catapult your online presence into celebrity status. While your circle of true friends may be smaller than your browser might suggest, there is one thing that plays a crucial role when it comes to social interaction: trust. Did you ever forget the password to your second favourite social media site? If so, how did you recover or reset it? Did it work, and were you really the one who triggered the „lost password“ process? In a world where few online contacts can meet each other it is difficult for a social media site to verify that the person requesting a new password is really the individual who holds the account. Facebook has introduced Trusted Friends to facilitate the identity

Read More

0502, 2014

DeepSec 2013 Video: Auditing Virtual Appliances – An Untapped Source Of 0-days

René Pfeiffer/ February 5, 2014/ Conference, Security, Stories

Appliances are being sold and used as security devices. The good thing about these gadgets is an improvement of your security (usually, YMMV as the Usenet folks used to write). The bad thing about inserting an unknown amount of code into your defence system are the yet to be discovered flaws in its logic. In the old days you have to do some reverse engineering in order to find these bugs. Modern technology bring you the Magic of the „Cloud“™ – virtual appliances! Since everything runs under a hypervisor nowadays, your appliances have been turned into binary images which can be moved around and started anywhere you like. At DeepSec 2013 Stefan Viehböck of SEC Consult spoke about the advantages of virtual appliances and their benefit for security analysis. It seems the „Cloud“ has

Read More

0402, 2014

DeepSec 2013 Video: The Economics Of False Positives

René Pfeiffer/ February 4, 2014/ Conference, Discussion, Security

Once you set up alarm systems, you will have to deal with false alarms. This is true for your whole infrastructure, be it digital or otherwise. When it comes to intrusion detection systems (IDS) you will have to deal with false positives. Since you want to be notified of any anomalies, you cannot ignore alarms. Investigating false alarms creates costs and forces you to divert efforts from other tasks of your IT infrastructure. In turn attackers can use false positives against you, if they know how to trigger them and use them in heaps. Where do you draw the line? In his presentation at DeepSec 2013 Gavin ‘Jac0byterebel’ Ewan (of Alba13 Research Labs) introduced an interesting approach to deal with false positives: „…Taking false positive figures from a number of real business entities ranging

Read More

0302, 2014

DeepSec 2013 Video: Uncovering your Trails – Privacy Issues of Bluetooth Devices

René Pfeiffer/ February 3, 2014/ Conference, Security

Devices with Bluetooth capabilities are all around us. We have all gotten used to it. Smartphones, laptops, entertainment electronics, gaming equipment, cars, headsets and many more systems are capable of using Bluetooth. Where security is concerned Bluetooth was subject to hacking and security analysis right from the start. Bluedriving, Bluejacking, cracking PIN codes, and doing more stuff severely strained the security record. Either people have forgotten Bluetooth’s past, ignore it, or have it turned off. At DeepSec 2013 Verónica Valeros and Sebastián García held a presentation which revisits the information Bluetooth devices transmit into their environment. They developed a suite to do Bluedriving more efficiently and shared their findings with the DeepSec audience. If you think Bluetooth is not a problem any more, you should take a look at their talk.