About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

1102, 2012

Thoughts about “Offensive Security Research”

René Pfeiffer/ February 11, 2012/ Discussion, Security

Ever since information relevant for security was published, there have been discussions about how to handle this information. Many remember the full/no/responsible disclosure battles that frequently erupt. There is a new term on stage. Its name is „offensive security research“. The word „offensive“ apparently refers to the intent to attack IT systems. „Security“ marks the connection, and „research” covers anyone being too curious. This is nothing new, this is just the old discussion about disclosure in camouflage. So there should be nothing to worry about, right? Let’s look at statements from Adobe’s security chief Brad Arkin. At a security analyst summit Mr. Arkin claimed that his goal is not to find and fix every security bug. Instead his strategy is to „drive up the cost of writing exploits“ he explained. According to his keynote

Read More

1002, 2012

DeepSec 2012 – Call for Papers

René Pfeiffer/ February 10, 2012/ Administrivia, Conference

The Finux Tech Weekly episode containing an interview with MiKa and me beats our announcement of the Call for Papers by 4 hours, but here’s the text. Enjoy! DeepSec 2012 “Sector 6” – Call for Papers We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 (“Sector 6”). We invite researchers, developers, auditors and everyone else dealing with information security to submit their work. We offer slots for talks and workshops, and we encourage everyone working on projects to present their results and findings. Please visit our updated website for more details about the venue, the schedule and information about our past conferences: https://deepsec.net/ The DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and

Read More

2901, 2012

Getting your Perception right – Security and Collaboration

René Pfeiffer/ January 29, 2012/ Discussion, Security

If all security-related events were not connected and could be analysed with a closed system in mind, getting security measures right would be much easier. Technicians will probably yawn at this fact, but networks connect a lot of different stuff (think „series of tubes“ and many points between them). In turn this means that you can use this for your own advantage and talk to others on the network, too! This surprising conclusion is often forgotten despite the use of the term „Internet community“ and developers working together on intrusion detection signatures, malware analysis and other projects. Stefan Schumacher talked about cooperative efforts to establish an international cyber defence strategy at DeepSec 2011. Securing infrastructure and implementing a proper defence in depth doesn’t rely on technical solutions alone. You need to establish procedures for

Read More

2201, 2012

Interaction between Security and Hierarchies

René Pfeiffer/ January 22, 2012/ Security

You all know hierarchies. You use them, you work within them and you are probably part of one. This is also true for IT staffers or even freelancers dealing with security issues. Usually there is a team/project leader, a CEO, a CIO and all kinds of specialists from other departments (if the company or organisation is bigger). While the „chain of command“ may not be important during daily routine, it is tremendously critical when incidents happen or when the infrastructure is prepared against compromise. More often than not security-aware admins and developers experience the „override by pointy haired boss“ effect. Checks and balances are great, the budget might confirm this, but once you deviate from routine there’s the nasty blame game. That’s when hierarchies turn to bite you in the back. Time spent on

Read More

1801, 2012

DeepSec.net is on Strike!

René Pfeiffer/ January 18, 2012/ Administrivia, Internet

You have probably heard of the Stop Online Piracy Act (SOPA) and its chilling effects on the Internet and all its users. „The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders,to seek court orders against websites accused of enabling or facilitating copyright infringement. “ (quote taken from the Wikipedia article)  SOPA is a major security risk for it advocates to change the DNS zones for specific domains. Blocking would be done by DNS, so the bill compromises the Internet’s infrastructure. Speaking from the view of security researchers we would like to quote the white paper written by Steve Crocker and Dan Kaminsky: From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable. Users running

Read More

0901, 2012

Intelligent Security and DeepSec Events in 2012

René Pfeiffer/ January 9, 2012/ Administrivia

After the Christmas break we are back and continue to plan DeepSec events for 2012. Judging from the news on Twitter and the web there’s ample demand to look behind the scenes and to question „well-established facts“ or myths. We could have skipped vacation and kept on blogging throughout Christmas and New Year’s Eve. There was the Stratfor hack, Anonymous activity, rumours about back doors in operating systems, leaked anti-virus source code and hacking military networks. 2012 starts right where 2011 left off. And we haven’t even watched most of the 28C3 videos! So we will have two major DeepSec events in 2012. There’s the DeepSec 2012 in November (we’re currently fixing the exact date) and there will be a second event in Summer. More details follow in the course of next week when

Read More

0112, 2011

Water Plants, Cyberwar, and Scenario Fulfillment

René Pfeiffer/ December 1, 2011/ High Entropy, Security, Stories

While we refuse to add a Cyberwar category to this blog, we want to explore this shady topic with a story. Do you recall the water plant hack a few weeks ago? According to news floating around in the Internet an US-American water plant in Illinois suffered from a security breach together with a failed water pump. Apparently attackers took the pump out by applying a well-tried IT technique called „Have you tried to turn it off and on again?“. So in theory this is a full-scale Cyberwar incident that puts all of our infrastructure at risk – plus you can add the magical acronym SCADA when talking about it, thus lowering the room temperature a few degrees and imposing the well-tried fear and awe effect on your audience. While industrial control systems remain

Read More

2411, 2011

DeepSec 2011 – Video Interviews

René Pfeiffer/ November 24, 2011/ Press

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about the security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions to this problem. Watch the video and listen to the interview. Video: Interview C. Patsakis Sicherheit in Autos (3:08) Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network. Video: Interview Harald

Read More

2411, 2011

DeepSec 2011 Conference Network Observations

René Pfeiffer/ November 24, 2011/ Security, Stories

All of you who attended DeepSec 2011 know that we had a Wall of Sheep at the conference. We set it up by copying packets via the Netfilter TEE target from the router to the Wall of Sheep box (note to self: never ever mirror broadcast or multicast packets). We only displayed logins and the number of characters of the password, all data was processed and stored in RAM. The display was only accessible from the conference network. On the first day of the conference we did not announced the Wall, we only encouraged everyone to use secure protocols and not to use services that send sensitive data unprotected. We even set up posters and flyers warning to use the conference network (the reason were other events at the venue taking place in parallel).

Read More

2211, 2011

Articles about DeepSec 2011

René Pfeiffer/ November 22, 2011/ Conference, Press

We have some more articles for you. Apparently the talks of our speakers raised a few eyebrows. Most of the articles are in German. Dradio: Das sichere Auto ist ein Mythos Interview with Mariann Unterluggauer about impressions from DeepSec 2011 and the myth of automobile security. Dradio: Nur scheinbare Datensicherheit This is a second article published on the Deutschlandfunk web site features Duncan’s talk and bugs in security software. Ö1: Können Hacker Autos fernsteuern? „Can hackers remotely control cars?“ Well, given the current design and lack of security they probably will do so in time for DeepSec 2012. Ö1: Make Cyberpeace, not Cyberwar. Ein Bericht von der DeepSec The topic of cyber warfare is still hot. Wie Terroristen verschlüsseln – Digitale Spuren kaum verwischt The Neuer Zürcher Zeitung (NZZ) has a comment about Duncan’s

Read More

1811, 2011

Thanks for attending DeepSec 2011!

René Pfeiffer/ November 18, 2011/ Conference

The DeepSec 2011 has ended. We enjoyed meeting all of you and hope to have fulfilled our role as a catalyst. We had some great talks, great discussions, and shared thoughts, insights and different views concerning security and insecurity alike. We hope your professional paranoia doesn’t keep you from getting sleep. We will follow the press coverage in our blog and link to articles. Golem has produced video interviews which will be published soon. Our own video team will retreat to the rendering farm and post-process the raw video data. As soon as we have collected all slides from our speakers, we will put them to the archive (and publish the link). We thank all the speakers for the superb material they presented! Without talks there would be no DeepSec at all. We thank

Read More

1811, 2011

First Press Coverage of DeepSec 2011

René Pfeiffer/ November 18, 2011/ Conference, Press

The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for it. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available). Wie Terroristen verschlüsseln Duncan Campbell talks about encryption and compares it to the real world. There have been a lot of rumours about terrorist groups using modern encryption. The reality looks a bit different. Tools like PGP are around, but some groups still rely on substitution and transposition ciphers. Managing keys of modern cryptography and handling the tools isn’t as easy as changing clothes. Procedures, procedures, procedures, ask the auditors. Das Streben nach dem Cyber-Weltfrieden Stefan Schumacher illustrates the concept of cyber-peace described in his talk yesterday. Everyone invests

Read More

1111, 2011

Talk: Advances in IDS and Suricata

René Pfeiffer/ November 11, 2011/ Conference

Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than you will ever be able process sensibly. This is the mindset that settles once they hear „IDS“ or „IPS“. We don’t think this view is still true. That’s why Victor Julien and Eric Leblond, Open Information Security Foundation, will talk about Advances in IDS and Suricata at DeepSec 2011. You have probably heard of Suricata, the next generation intrusion detection engine. Development of Suricata started in 2008 and war first released as stable in December 2009. Past DeepSec conferences featured

Read More

0811, 2011

Conference Network Survival Guide for DeepSec 2011

René Pfeiffer/ November 8, 2011/ Administrivia

For all of you who frequently visits „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with a public Internet access (the CCC has a more complete list on their event web site). Secure your operating system (vendor and type doesn’t matter). Backup your data. Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology). Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN

Read More