Archive for February, 2016

DeepSec Video: How to Break XML Encryption – Automatically

February 10, 2016

XML is often the way to go when exchanging information between (business) entities. Since it is older than the widespread adoption of SSL/TLS, there is a special standard called XML Encryption Syntax and Processing. You can use XML encryption to encrypt any kind of data. So far, so good. But in recent years, XML Encryption […]

Posted in Conference, Security

DeepSec Video: Hacking Cookies in Modern Web Applications and Browsers

February 9, 2016

Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications need to store these bits of information. Enter cookie hacking. A […]

Posted in Conference, Internet, Security

DeepSec Video: File Format Fuzzing in Android – Giving a Stagefright to the Android Installer

February 6, 2016

The Stagefright exploit haunts the Android platform. The vulnerability was published in Summer 2015. It gives attackers a way to infect Android smartphones by using multimedia files such as pictures, text, and videos. This is a perfect vector since most people will look at media instantly. Dr. Aleksandr Yampolskiy gave a presentation at DeepSec 2010 […]

Posted in Conference, Security

DeepSec 2015 in Pictures: Very photograph. Many pixel. Wow.

February 5, 2016

„Documentation, or it did not happen!“ This is probably the unofficial motto of information technologists (and security/audit people around the globe). For your convenience we put some images from DeepSec 2015 online. Have a look! Thanks to Joanna Pianka for the great pictures!

Posted in Administrivia, Conference, Pictures

DeepSec Video: Cryptography Tools, Identity Vectors for “Djihadists”

February 5, 2016

Wherever and whenever terrorism, „cyber“, and cryptography (i.e. mathematics) meet, there is a lot of confusion. The Crypto Wars 2.0 are raging as you read this article. Cryptography is usually the perfect scapegoat for a failure in intelligence. What about the facts? At DeepSec 2015 Julie Gommes talked about results of the studies done […]

Posted in Conference, Discussion, High Entropy, Internet

DeepSec Video: Chw00t: How To Break Out from Various Chroot Solutions

February 4, 2016

Information security borrows a lot of tools from the analogue world. Keys, locks, bars, doors, walls, or simply jails (to use a combination). Most operating systems support isolation of applications at various levels. You may call it change root (or chroot) or even a jail environment. The containment is not perfect, but it helps to separate […]

Posted in Conference, Security

DeepSec Video: Building a Better Honeypot Network

February 3, 2016

„It’s a trap!“ is a well-known quote from a very well-known piece of science fiction. In information security you can use bait to attract malicious minds. The bait is called honeypot or honeynet (if you have a lot of honeypots tied together with network protocols). A honeypot allows you to study what your adversaries do […]

Posted in Conference, Security

DeepSec Video: Advanced SOHO Router Exploitation

February 2, 2016

Routers are everywhere. They hold the networks together, Internet or not. Most small office/home office (SOHO) infrastructure features routers these days. Given the development cycles and rigorous QA cycles there have to be bugs in the firmware (apart from the vendor supplied backdoors). Lyon Yang (Vantage Point Security) held a presentation about a series of […]

Posted in Conference, Internet, Security