Last Reminder – the DeepSec 2015 Call for Papers closes today!

René Pfeiffer/ July 30, 2015/ Call for Papers, Conference

Take advantage of our Call for Papers! We can’t believe that all the devices, networks, services, and shiny things around us are completely secure. Once it got Wi-Fi, a SIM card, memory, or a processor there is bound to be an accident. It’s not just hunting rifles, jeeps, currencies, experts, and airplanes that can be hacked. There is more. Tell us! Don’t let the IT crowd of today repeat the mistakes of our ancestors. Submit a two-day training and help to save some souls! We are especially interested in secure application development, intrusion detection/prevention, penetration testing, crypto & secure communication, mobiles devices, the Internet of Things, security intelligence, wireless hacking (Wi-Fi, mobile networks, …), forensics, and your workshop that really knocks the socks off our attendees! Drop your training submission into our CfP manager!

Read More

New MJS Article: Why Anti-Virus Software Fails

René Pfeiffer/ July 30, 2015/ Security

What is your first impulse when you see a fence? Well, we can’t speak for you, but we like to look for weak spots, holes, and ways to climb it. The same is true for filters of all kinds. Let’s see what one can do to bypass them. Anti-virus software is a good example. At DeepSec 2014 Daniel Sauder explained how malware filters/detectors fail. Daniel was kind to provide an article for the special edition „In Depth Security – Proceedings of the DeepSec Conferences“: „Based on my work about antivirus evasion techniques, I started using antivirus evasion techniques for testing the effectivity of antivirus engines. I researched the internal  functionality of antivirus products, especially the implementation of heuristics by sandboxing and emulation and succeeded in evasion of these. A result of my research are

Read More

Security of Things – Dead Horses just get beaten with the Internet

René Pfeiffer/ July 27, 2015/ High Entropy, Internet, Security

What do NoSQL databases and cars have in common? You can find and freely access them by using the trusty Internet. Wired magazine has published a story about a remotely controlled Jeep Cherokee. Charlie Miller and Chris Valasek have found a way to use the properties of UConnect™ combined with (design) flaws to take full control of the vehicle . The threat is real since the car was attacked remotely by using a network connection. UConnect™ was formerly known as MyGIG™, and systems are available since 2007. It’s basically your entertainment system on steroids with added telemetry, internal commands, and network capabilities. Hacking cars by attacking the entertainment system was already discussed at DeepSec 2011. This is the next level, because cars have now their own IP addresses (and no firewall apparently). NoSQL databases are very

Read More