About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

1511, 2010

A Brief History of GSM A5/2 and 2G/3G Security

René Pfeiffer/ November 15, 2010/ Stories

MiKa and me shared some knowledge about the design flaws and the state of security in 2G/3G networks. The idea was to present an overview. Those networks have been shrouded in NDAs for too long. It is good to see that this is changing. Given the fact that millions of people use this technology on a daily basis, there should have been more publications and a deeper analysis many years ago. GSM features four A5 encryption algorithms. They are called A5/0, A5/1, A5/2 and A5/3. A5/0 is basically plaintext, because no encryption is used. A5/1 is the original A5 algorithm used in Europe. A5/2 is a weaker encryption algorithm created for export (the weakness is a design feature). A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project. The

Read More

1211, 2010

Conférence DeepSec: Focus sur la situation précaire de la sécurité du réseau mondial de téléphonie mobile.

René Pfeiffer/ November 12, 2010/ Press

33 interventions et 8 workshops par des experts internationaux en sécurité informatique. La conférence internationale DeepSec sur la sécurité rassemblera à Vienne, du 23 au 26 novembre 2010, l’élite mondiale dans le domaine de la sécurité des réseaux et du hacking. Cette année, l’accent sera porté sur la sécurité des systèmes mobiles et de leurs utilisateurs ainsi que sur l’infrastructure de la prochaine génération. Les sociétés d’informatique et de sécurité, les usagers, les responsables d’administrations, les chercheurs, la communauté hacker se verront à nouveau offrir la chance de participer à une programmation abondante comprenant 33 interventions et 8 workshops. «Nous sommes très heureux de permettre à tant d’experts d’échanger, pour la quatrième fois, leurs expériences et leurs idées autour du thème essentiel de la sécurité des technologies de l’information» nous explique René Pfeiffer, organisateur

Read More

1210, 2010

Thoughts about Secure Communication and Wiretapping

René Pfeiffer/ October 12, 2010/ Communication

Secure communication is a very important cornerstone of modern network design and corporate infrastructure. The need to communicate securely is part of everyday life. Businesses, political groups, individuals, governments, non-governmental organisations, and many others use secure communication. The basic idea is that you put a decent portion of trust into the way you exchange messages. Typically the message is only seen by the sender and the recipient. Many take this property of message exchange for granted, but you have to use suitable protocols to meet this goal. Secure communication protocols usually use encryption or steganography to protect and hide the transported messages. Anyone intercepting the data transmission must not be able to decode the original message(s) sent. This is the idea, and when designing secure protocols there is no way around it. Some use

Read More

1409, 2010

Vacation 2.0 and its Disadvantages

René Pfeiffer/ September 14, 2010/ Security

Imagine you are the CEO of a small company. You have some days off. You relax, buy a newspaper and have a coffee. After browsing through the news and financial section you stumble upon a full-page advertising of your own company. The text reads: Dear world, our office is completely deserted. No one’s working at the moment. The rooms are completely unattended. No one will pick up the phone. Only the security guards will walk by and superficially check the door handles. Although the doors are tightly locked and the windows are (probably) closed, you can be sure that no one will enter the office space until INSERT_DATE. So if you want to try picking our locks and rearranging the furniture, feel free. You can take what you want. The coffee machine is plugged

Read More

0709, 2010

DeepSec conference focuses on the precarious security situation in the world-wide mobile phone network

René Pfeiffer/ September 7, 2010/ Press

DeepSec 2010 features 33 talks and 8 workshops by international experts Vienna, 31 August 2010. The international security conference DeepSec brings together the world’s elite in network security and hacking in Vienna from 23 to 26 November 2010. This year, the conference focuses on the security of mobile systems and their users, as well as on the next-generation infrastructure. IT and security companies, users, officials, researchers and the hacker community have the opportunity to take part in the conference with 33 talks and 8 workshops scheduled this year. “We are happy to offer for the fourth time so many experts the chance to exchange ideas and experiences on the most important security issues of everyday IT work in our modern days”, says René Pfeiffer, organiser of DeepSec. Live attacks on iPhone through a weak

Read More

2008, 2010

Schedule for DeepSec 2010 published

René Pfeiffer/ August 20, 2010/ Schedule

Reviewing the submissions took us a while longer than anticipated. The reason was the high-quality content you submitted. We had to make some tough decisions and could have easily filled three or four days of In-Depth security talks and many more workshops. We hope that the schedule we published yesterday satisfies your interest and gives some CIOs something to think about. We tackle the security of the GSM network (which is failing, as was reported at DeepSec 2009 already). We also show you how to probe the security of GSM networks (there’s a whole two-day workshop if you want to dive into the gory details). Watch out for remote binary planting! Just yesterday Mitja Kolsek reveiled that about 200 Microsoft Windows applications are vulnerable to remote code execution. We deal with SAP security by

Read More

1108, 2010

CfP revision is almost done

René Pfeiffer/ August 11, 2010/ Administrivia, Schedule

We’re almost finished with the review of presentations and trainings submitted via the Call for Papers form. Everyone will get a notification during the next couple of days. You really sent us a lot of high-quality content, and we are proud to set the stage for your research results. Some vendors might not be as happy as we, but let’s see what happens. Expect the preliminary schedule soon.

0208, 2010

Sneak Preview – your cellphone can be tapped

René Pfeiffer/ August 2, 2010/ Schedule, Security

You probably have a cellphone. Your company might even provide an additional one. Your boss most certainly uses a cellphone. What do you use it for? Do you share details about your private life via phone conversations? Did you ever talk to a business partner about confidential offers? Do you rely on cellphone when it comes to important messages? If so you might be interested in hearing some news about the state of security of mobile networks. Most of them are broken, outdated or both when it comes to security. Details of the security issues have been presented at DeepSec 2009 by Karsten Nohl. During Defcon18 in Las Vegas a security researcher successfully faked several attendees’ cell phones into connecting to his phony GSM base station during a live demonstration that had initially raised

Read More

2807, 2010

How to secure Wireless Networks

René Pfeiffer/ July 28, 2010/ Security

You have probably followed the news and heard about AirTight Networks’ demonstration of the WPA2 design flaw. What does this mean for operators of wireless networks? Do you have to care? Do you feel threatened? Is there a way to feel better again? First take a look what the design flaw means and what the attack looks like. Hole 196 means that „an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices”. So an attacker has to be authenticated before she can use the exploit. This does not mean that „WPA2” is compromised entirely (yet). It just means that we (maybe) deal with a design flaw. Attacking „WPA2”

Read More

1707, 2010

In-Depth Security Conference DeepSec Tackles Mobile Data Assaults

René Pfeiffer/ July 17, 2010/ Press

Vienna – it’s the 4th time that the international IT security conference DeepSec calls the world’s elite from the sectors Network-Security and Hacking together. From the 23rd until the 26th of November 2010 the conference focuses on mobile security (for users and gadgets alike) and Next Generation Infrastructure. „After the success of DeepSec 2009 we try once again to present exciting and controversial topics.  It’s our aim as a neutral platform to bring Hacker-Community, IT- and Security companies, users, government agencies and researchers together to interact and exchange experience and thoughts in workshops and talks.”, prompts René Pfeiffer – one of DeepSec’s organisers. The call for papers is still going until the 31st of July and young security researchers can register for  special support in this year’s U21 programme (U21 means under 21 years

Read More

0107, 2010

Sneak Preview – Workshop about Advanced PHP Security

René Pfeiffer/ July 1, 2010/ Schedule

Our CfP ends on 31 July 2010, so we start publishing information about some of the submissions in advance. We got the confirmation from Laurent Oudot, founder of TEHTRI-Security, concerning the Advanced PHP Hacking training. The workshop will deal with breaking into PHP environments, methods of attackers once they are inside, defense against intruders and real hack simulations. This is a hands-on exercise guided by TEHTRI Security experts. Everyone running, developing or auditing PHP web applications should attend. Knowing how attacks work is the first step of avoiding them. When it comes to web applications, there is no silver bullet. You have to deal with the hosting environment, known about possible vulnerabilities, learn about the tools attackers use and then you can tune your defenses. Code analysis, filters, fuzzing, NIDS and hardening alone are

Read More

2406, 2010

Native Code Protection and Security

René Pfeiffer/ June 24, 2010/ Development, Internet

The Mozilla vice president of products announced that Firefox doesn’t need to run native code anymore when it comes to plugins. The idea is called crash protection for it aims to keep the web browser alive when a plugin fails to run correctly. At the same time the magical words about the future being in the hands of (open) web standards and HTML5 are uttered. What does this imply in terms of security? Is there any benefit? The thought of having more reliable web browsers is certainly tempting. It is also true that overloading the browser with plugins increases the „angle of attack” to the point of stalling or most probably catching some malware floating around on the Web. The message seems to be that seperating vulnerable plugins from the browser doesn’t rule out

Read More

1906, 2010

Call for Papers – Reminder

René Pfeiffer/ June 19, 2010/ Schedule

Our Call for Papers is still running until 31 July 2010. We already have some very interesting talk and workshop submissions. Two experts cover the black magic of the last mile and network backbones. Clearly this is critical infrastructure and is often neglected when implementing security measures. Few administrators put their firewalls in front of the ISP’s modem. There are attacks against infrastructure. Wireless networks illustrate this problem very well. Strangely when it comes to wired networks people think of them as more secure. True, wired connections cannot be accessed through thin air, but this doesn’t immunise them against threats on the infrastructure level. Routing protocols, administrative interfaces, unpatched firmware, bugs, noisy broadcasts and network design errors can lead to a fertile ground for a compromised network well before your firewall kicks in. So

Read More