Archive for July, 2020

Administrivia: DeepSec Mailing Lists and last Call for our CfPs

July 25, 2020

Summer is always a bad time for getting things done. Usually people are on holiday, sweat, relax, or travel for recreation. Things are different due to the Covid-19 precautions. Unfortunately our Call for Papers ends on 31 July 2020. This means we have to remind you about the deadline. We plan to publish the schedule […]

Posted in Administrivia, Conference

Press Release: Digital Infrastructure should integrate Malware

July 22, 2020

The German government wants to force Internet providers to install malicious software and intercept network traffic. Since the 1990s, there has been a constant struggle between authorities and security experts. One side wants to make digital infrastructure, especially data transport and communication, as secure as possible for business and society. The other side constantly strives […]

Posted in Conference, Press, Security

Translated Article: EU Council of Ministers discusses Back Doors in Encryption again

July 21, 2020

"EU-Ministerrat diskutiert wieder Hintertüren in Verschlüsselung" by Erich Moechel for fm4.ORF.at. Gilles de Kerchove, the EU’s anti-terror coordinator, is once again working against secure encryption per se. Since these new demands by law enforcement officials on the EU Council of Ministers are nowhere openly accessible, this confidential Council document is published in full by FM4. The corona virus […]

Posted in Security, Stories

Token Hijacking via PDF – Dawid Czagan

July 20, 2020

PDF files are everywhere and they can be used to hack your web application. Imagine that the attacker prepares a malicious PDF file which steals sensitive data from a user. The PDF file is uploaded to the web application, the user reads this PDF file, and finally sensitive data is exfiltrated from the user’s browser. […]

Posted in Training

Translated Article: US bill against Secure Encryption of Chats

July 17, 2020

"US-Gesetzesentwurf gegen sichere Verschlüsselung von Chats" by Erich Moechel for fm4.ORF.at. A new US law on “Access by law enforcement officers to encrypted data” is intended to force chat providers such as Signal or WhatsApp to incorporate back doors into their security architectures. In the United States, a bill is on its way to the Senate that […]

Posted in Internet, Security, Stories

Press Release: Digitalisation without Information Security has no Future

July 15, 2020

DeepSec conference warns of unsafe software and insufficient knowledge of professionals. The months in which we had to learn to deal with the effects of various quarantine measures on our everyday lives have decisively emphasized the importance of information technology. Although the Internet has long been an integral part of work and everyday life in […]

Posted in Conference, Development, Discussion

Administrivia: DeepSec/DeepINTEL/ROOTS Speaker Benefits extended to 2021

July 8, 2020

The Calls for Papers of DeepSec, DeepINTEL, and ROOTS have a deadline. DeepSec and DeepINTEL have set the first deadline to 31 July 2020. We will accept submissions after this date, but everyone who submitted before the deadline will be reviewed first. Since all speakers are entitled to benefits which depend on their presence at […]

Posted in Call for Papers, Conference

Bypassing CSP via ajax.googleapis.com – Dawid Czagan

July 7, 2020

Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to CSP definitions, because they use libraries from this very popular CDN in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen. Since CSP should be […]

Posted in Training

Exploiting Race Conditions – Dawid Czagan

July 1, 2020

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multithreading. As a result of this attack an attacker, who has $1000 in his bank account, can transfer way more than $1000 from his bank account. This is just one example, but it […]

Posted in Training

Lectures on Information Security

July 1, 2020

It’s time for an editorial to end our premature Covid-19 induced Summer break. We (as in the staff behind DeepSec/DeepINTEL) were busy with projects, preparations, following the news about the pandemic, and collecting information for our event(s) in November. Personally I have been involved in teaching for decades. The past months have shifted the focus […]

Posted in Discussion, High Entropy