DeepINTEL Update, Science First Campaign, Early Birds, and other News

René Pfeiffer/ April 28, 2017/ Administrivia, Conference

The Easter break is over. We didn’t sleep (much), and we did not look for Easter eggs in software either. Instead we did a bit of work behind the scenes. DeepSec 2017 will have some more content due to the co-hosted ROOTs workshop. The full call for papers will be ready on 1 May 2017. We will publish the text here on this blog, and email it to interested researchers. In the meantime the DeepSec 2017 Call for Papers is waiting patiently for your submission. In case you haven’t noticed, the DeepSec and DeepINTEL ticket shops are online. Please book your ticket as early as possible! Every year so far we had some people at our conference who were very sad because their favourite training was not available. If you book early you’ll help us to secure

Read More

Applied Crypto Hardening Project is looking for Help

René Pfeiffer/ April 25, 2017/ High Entropy, Internet

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers far more protocols than HTTPS. OpenSSH, OpenVPN, IPsec, and more topics are described in the PDF guide. The project is run by volunteers. This is where you come in. The ACH project needs more volunteers to keep going. New GNU/Linux distributions are around the corner (the apt store never sleeps). Some vendors really do upgrade their code base. Libraries change and bleed less. Algorithms get tested, improved, and re-evaluated. The field of cryptography is moving forward, as it should.

Read More

SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed

René Pfeiffer/ April 1, 2017/ High Entropy

The ageing SS7 protocol has reached it’s end of life. Security experts around the world have criticised vulnerabilities a long time ago. SS7 even facilitated unsolicited surveillance attacks. What’s more, it has its own talks at the annual Chaos Communication Congress – which is a clear sign of fail if there is more than one presentation dealing with inherent design failures. It’s time to put SS7 to rest. Since the 1970s the requirements for signalling have clearly changed. It’s not only about telephones any more. SS8, its successor, features a brand new design and fixes the many shortcomings of SS7. New technologies such as blockchain, artificial intelligence, crowd routing, social signalling, full “tapping”, and deep state connections are now part of the core functions. Furthermore, SS8 is completely in harmony with Big Data, because it offers a

Read More