About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

0202, 2015

Encryption – A brand new „Feature“ for Cars

René Pfeiffer/ February 2, 2015/ Internet, Security, Stories

At DeepSec 2011 Constantinos Patsakis and Kleanthis Dellios held a presentation titled “Patching Vehicle Insecurities”. They pointed out that the car is starting to resemble more to a computer with mechanical peripherals (incase you haven’t seen their talk, please do!). This is true for all types, not only the modern cars powered by electricity alone. But there is more. Modern cars are connected to networks (i.e. the Internet or the mobile phone network). This means that your method of transportation is part of the dreaded Internet of Things. Given the design flaws we have seen in talks given at DeepSec, there is no surprise that this is a breeding ground for major trouble. The Allgemeiner Deutscher Automobil-Club (ADAC), a German motoring association, discovered a lapse in the communication between BMW cars and the servers

0102, 2015

Reminder for the DeepINTEL Call for Papers

René Pfeiffer/ February 1, 2015/ Administrivia, Call for Papers

At the opening of DeepSec 2014 we announced the next DeepINTEL to be in Spring 2015. We have now finalised the date. DeepINTEL 2015 will take place on 11 / 12 May 2015, and it will be held in Vienna. The call for papers, already announced at the opening of last year’s DeepSec, is still open. We are looking for your submissions. Since we want to address security intelligence, we like to know everything about threats, risk assessment, metrics that give you an idea what you really see, forensics, and improvements on the way to detect and defend. We are definitely not interested in presentations about the cyber hype. We want to hear about real sabotage, real compromised systems; you know, reality and all that. Please make sure to send your ideas to cfp

3101, 2015

DeepSec 2015 is coming – save the Date!

René Pfeiffer/ January 31, 2015/ Administrivia, Conference, Mission Statement

We are back from our break. We have been busy behind the scenes. The video recordings of DeepSec 2014 have been fully post-processed. The video files are currently on their way to our Vimeo account. The same goes for the many photographs that were taken by our photographer at the conference. We are preparing a selection to publish some impressions from the event. The dates for DeepSec 2015 and DeepINTEL 2015 have been finalised. DeepSec will be on 17 to 20 November 2015. DeepINTEL will be on 11 and 12 May 2015. The Call for Papers for DeepSec will be open soon. You can send your submissions for DeepINTEL by email to us (use either cfp at deepsec dot net or deepsec at deepsec dot net, the latter has a public key for encrypted

1912, 2014

DeepSec 2014 Video – “The Measured CSO”

René Pfeiffer/ December 19, 2014/ Discussion, Schedule, Stories

The first recording of DeepSec 2014 has finished post-processing. Just in time for the holidays we have the keynote presentation by Alex Hutton ready for you. Despite its title “The Measured CSO” the content is of interest for anyone dealing with information security. Alex raises questions and gives you lots of answers to think about. Don’t stay in the same place. Keep moving. Keep thinking.

1512, 2014

Post-DeepSec 2014 – Slides, Pictures, and Videos

René Pfeiffer/ December 15, 2014/ Conference

We would like to thank everyone who attended DeepSec 2014! Thanks go to all our trainers and speakers who contributed with their work to the conference! We hope you enjoyed DeepSec 2014, and we certainly like to welcome you again for DeepSec 2015! You will find the slides of the presentations on our web site. Some slides are being reviewed and corrected. We will update the collection as soon as we get new documents. The video recordings are in post-processing and will be available via our Vimeo channel. We will start publishing the content soon. The pictures our photographer took during the conference are being post-processed too. We will publish a selection on our Flickr site.

2011, 2014

DeepSec 2014 Opening – Would you like to know more?

René Pfeiffer/ November 20, 2014/ Conference, High Entropy

DeepSec 2014 is open. Right now we start the two tracks with all the presentations found in our schedule. It was hard to find a selection, because we received a lot of submissions with top quality content. We hope that the talks you attend give you some new perspectives, fresh information, and new ideas how to protect your data better. Every DeepSec has its own motto. For 2014 we settled for a quote from the science-fiction film Starship Troopers. The question Would you like to know more? is found in the news sections portrayed in the film. It captures the need to know about vulnerabilities and how to mitigate their impact on your data and infrastructure. Of course, we want to know more! This is why we gather at conferences and talk to each

2011, 2014

BIOS-based Hypervisor Threats

René Pfeiffer/ November 20, 2014/ Discussion, High Entropy, Security

The DeepSec 2014 schedule features a presentation about (hidden) hypervisors in server BIOS environments. The research is based on a Russian analysis of a Malicious BIOS Loaded Hypervisor (conducted between 2007 and 2010) and studies published by the University of Michigan in 2005/2006 as well as 2012/2013. The latter publications discuss the capabilities of a Virtual-Machine Based Rootkits and Intelligent Platform Management Interface (IPMI) / Baseboard Management Controller (BMC) vulnerabilities. Out-of-band management is sensitive to attacks when not properly protected. In the case of IPMI and BMC the management components also play a role on the system itself since they can access the server hardware, being capable to control system resources. Combining out-of-band components with a hypervisor offers ways to watch any operating system running on the server hardware. Or worse. It’s definitely something

1511, 2014

DeepSec 2014 Talk: Why IT Security Is ████ed Up And What We Can Do About It

René Pfeiffer/ November 15, 2014/ Conference, High Entropy

Given the many colourful vulnerabilities published (with or without logo) and attacks seen in the past 12 months, one wonders if IT Security works at all. Of course, 100% of all statistics are fake, and only looking at the things that went wrong gives a biased impression. So what’s ████ed up with IT Security? Are we on course? Can we improve? Is it still possible to defend the IT infrastructure? Stefan Schumacher, director of the Magdeburger Institut für Sicherheitsforschung (MIS), will tell you what is wrong with information security and what you (or we) can do about it. He writes about his presentation in his own words: Science is awesome. You aren’t doing science in infosec. Why not? Seems to be the overriding message of @0xKaishakunin #AusCERT2014 This was one tweet about my talk

1511, 2014

New Article for the DeepSec Proceedings Publication

René Pfeiffer/ November 15, 2014/ Conference, Security

In cooperation with the Magdeburger Institut für Sicherheitsforschung (MIS) we publish selected articles covering topics of past DeepSec conferences. The publication offers an in-depth description which extend the conference presentation and includes a follow-up with updated information. Latest addition is Marco Lancini’s article titled Social Authentication: Vulnerabilities, Mitigations, and Redesign. High-value services have introduced two-factor authentication to prevent adversaries from compromising accounts using stolen credentials. Facebook has recently released a two-factor authentication mechanism, referred to as Social Authentication (SA). We designed and implemented an automated system able to break the SA, to demonstrate the feasibility of carrying out large-scale attacks against social authentication with minimal effort on behalf of an attacker. We then revisited the SA concept and propose reSA, a two-factor authentication scheme that can be easily solved by humans but is robust

1211, 2014

DeepSec 2014 Talk: The IPv6 Snort Plugin

René Pfeiffer/ November 12, 2014/ Conference, Internet

The deployment of the new Internet Protocol Version 6 (IPv6) is gathering momentum. A lot of applications now have IPv6 capabilities. This includes security software. Routers and firewall systems were first, now there are also plugins and filters available for intrusion detection software such as Snort. Martin Schütte will present the IPv6 Snort Plugin at DeepSec 2014. We have asked him to give us an overview of what to expect. Please tell us the top 5 facts about your talk! Main research for my talk was done in 2011. I am quite surprised (and a little bit frightened) by how little the field of IPv6 security has developed since then. It is often easier to build attack tools than to defend against them. But to improve IPv6 network security we urgently need more detection

2010, 2014

DeepSec 2014 Talk: Safer Six – IPv6 Security in a Nutshell

René Pfeiffer/ October 20, 2014/ Conference, Internet, Interview

The Internet Protocol Version 6 (IPv6) is the successor to the currently main IP Version 4 (IPv4). IPv6 was designed to address the need for more addresses and for a better routing of packets in a world filled with billions of networks and addresses alike. Once you decide to develop a new protocol, you have the chance to avoid all the mistakes of the past. You can even design security features from the start. That’s the theory. In practice IPv6 has had its fair share of security problems. There has been a lot of research, several vulnerabilities have been discussed at various security conferences. DeepSec 2014 features a presentation called Safer Six – IPv6 Security in a Nutshell held by Johanna Ullrich of SBA Research, a research centre for information security based in Vienna.

1410, 2014

DeepSec 2014 Workshop: Hacking Web Applications – Case Studies of Award-Winning Bugs

René Pfeiffer/ October 14, 2014/ Conference, Training

The World Wide Web has spread vastly since the 1990s. Web technology has developed a lot of methods, and the modern web site of today has little in common with the early static HTML shop windows. The Web can do more. A lot of applications can be accessed by web browsers, because it is easier in terms of having a client available on most platforms. Of course, sometimes things go wrong, bugs bite, and you might find your web application and its data exposed to the wrong hands. This is where you and your trainer Dawid Czagan come in. We offer you a Web Application Hacking training at DeepSec 2014. Have you ever thought of hacking web applications for fun and profit? How about playing with authentic, award-winning bugs identified in some of the

1410, 2014

DeepSec 2014 Workshop: Understanding x86-64 Assembly for Reverse Engineering and Exploits

René Pfeiffer/ October 14, 2014/ Training

Assembly language is still a vital tool for software projects. While you can do a lot much easier with all the high level languages, the most successful exploits still use carefully designed opcodes. It’s basically just bytes that run on your CPU. The trick is to get the code into position, and there are lots of ways to do this. In case you are interested, we can recommend the training at DeepSec held by Xeno Kovah, Lead InfoSec Engineer at The MITRE Corporation. Why should you be interested in assembly language? Well, doing reverse engineering and developing exploits is not all you can do with this knowledge. Inspecting code (or data that can be used to transport code in disguise) is part of information security. Everyone accepts a set of data from the outside

2509, 2014

DeepSec 2014 Workshop: Suricata Intrusion Detection/Prevention Training

René Pfeiffer/ September 25, 2014/ Conference, Internet, Training

Getting to know what’s going on is a primary goal of information security. There is even a name for it: intrusion detection. And there are tools to do this. That’s the easy part. Once you have decided you want intrusion detection or intrusion prevention, the implementation part becomes a lot more difficult. Well, if you need help with this issue, there is a two-day workshop for you at DeepSec 2014 – the Suricata Training Event. Suricata is a high performance Network Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitoring engine. It can serve pretty much all your needs. It’s Open Source (so it cannot be bought and removed from the market) and owned by a very active community. Suricata is managed by the non-profit foundation; the Open Information Security Foundation

2409, 2014

DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

René Pfeiffer/ September 24, 2014/ Conference, High Entropy

Backdoors are devious. Usually you have to look for them since someone has hidden or „forgotten“ them. Plus backdoors are very fashionable these days. You should definitely get one or more. Software is (very) easy to inspect for any rear entrances. Even if you don’t have access to the source code, you can deconstruct the bytes and eventually look for suspicious parts of the code. When it comes to hardware, things might get complicated. Accessing code stored in hardware can be complex. Besides it isn’t always clear which one of the little black chips holds the real code you are looking for. Since all of our devices we use every days runs on little black chips (the colour doesn’t matter, really), everyone with trust issues should make sure that control of these devices is

About René Pfeiffer

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: