High Entropy

Lectures on Information Security

Posted by on July 1, 2020 at 9:25 am

It’s time for an editorial to end our premature Covid-19 induced Summer break. We (as in the staff behind DeepSec/DeepINTEL) were busy with projects, preparations, following the news about the pandemic, and collecting information for our event(s) in November. Personally I have been involved in teaching for decades. The past months have shifted the focus […]

Update on DeepSec / DeepINTEL / ROOTS 2020 with regards to Covid-19

Posted by on May 2, 2020 at 10:00 am

Lacking time travel we have no way to know what will happen in November 2020. That’s not news to us. We closely follow the development of the current Covid-19 crisis, and we constantly evaluate our plans for DeepSec, DeepINTEL, and ROOTS 2020. Given the current state of affairs and the experiments in various countries (including […]

It’s April Fool’s Day – 7/24 and 365 Days of the Year

Posted by on April 1, 2020 at 3:25 pm

The first day of April is typically the time where you hide well-written pieces of misinformation to trick people into believing something that isn’t true. We published our share of April Fool’s Day articles in the past. While this was and still is fun we believe that it is time to break with this tradition. […]

Complexity of Dependencies in Multidimensional Systems – Corona Virus

Posted by on February 28, 2020 at 12:45 pm

This blog is often silent. Our policy is to publish if there is real information to send out. DeepSec is all about facts. We don’t do speculation. Sometimes it is hard to idly watch „news“ being published, revised, withdrawn, altered, commented, and even deleted. We, to the best of our abilities, try not to publish […]

Secure Design – Combining Information Security with Software Development

Posted by on February 5, 2020 at 9:00 am

Information security researchers usually see software fail. Sometimes they try to make software fail on purpose. The result is a bug description, also called vulnerability report in case the bug has a security impact. The the best case scenario this information reaches the software developers who in turn fix the problem. Then the cycle continues. […]

Thoughts on Geopolitics and Information Security

Posted by on July 12, 2019 at 5:47 pm

Geopolitics is a rather small word for very complex interactions, strategies, tactics, and the planning (of lack thereof) of events. Reading about topics connected to it is probably familiar to you. Few news articles can do without touching geopolitic aspects. Since politics has less technological content for most people, the connection to information security may […]

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Posted by on June 3, 2019 at 8:45 am

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, […]

Eth(er)ical Hacking – Hacker Defined Radio and analysing Signals

Posted by on April 4, 2019 at 9:30 am

There is a lot going on in the wireless world. 5G is all the fashion, because frequencies are being auctioned. This is only the tip of the iceberg. Wireless protocols have become ubiquitous. The IEEE 802.11 family is one widespread example. Bluetooth, mobile networks, ZigBee, Z-Wave, and other wireless transmissions are widely used. If you […]

Network Security right from the Beginning – Introducing DHCP-over-TLS (DoT)

Posted by on April 1, 2019 at 12:15 am

Every security researcher knows: If you want to secure a system, do it as early as possible. This is why Trusted Computing, Secure Boot, Trusted Execution Technology, and many more technologies were invented – to get the operating system safely off the ground right at boot time. After the booting process additional components have to […]

Remembering Mike Kemp (@clappymonkey)

Posted by on March 26, 2019 at 1:48 pm

This blog post has no tags, because we cannot come up with any. Mike Kemp, also known as @clappymonkey on Twitter, has died. He spoke at the DeepSec conference back in 2012. We regularly saw him at other events and kept in touch. We have lost a great colleague. It is impossible to express what […]

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Posted by on January 8, 2019 at 10:23 am

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage […]

Analysing Data Leaks and avoiding early Attribution

Posted by on January 4, 2019 at 3:25 pm

The new year starts with the same old issues we are dealing with for years. German politicians, journalists, and other prominent figures were (are) affected by a data leak. A Twitter account started tweeting bits from the leaked data on 1 December 2018 in the fashion of an Advent calendar. The account was closed today. […]

Merry XSSmas and a successful new mktime() Syscall

Posted by on December 21, 2018 at 2:43 pm

The holidays are coming, next to Winter (hopefully). Thank you all for attending and contributing to DeepSec and DeepINTEL 2018! All slides we got are online. The videos have almost left post-production (except one recording which is being fixed audio-wise) and are on the way to the content distribution network. The ROOTS videos will be […]

Encryption, Ghosts, Backdoors, Interception, and Information Security

Posted by on December 20, 2018 at 3:54 pm

While talking about mobile network security we had a little chat about the things to come and to think about. Compromise of communication is a long time favourite. Hats of all colours need to examine metadata and data of messages. Communication is still king when it comes to threat analysis and intrusion detection. That’s nothing […]

Binary Blob Apocalypse – Firmware + Cryptography = less Security

Posted by on November 6, 2018 at 2:06 pm

A couple of years ago we had a chat with one of our sponsors, Attingo. They are specialised in data recovery from all kinds of media and in all kinds of conditions. Since vendors keep secrets from the rest of the world, the data rescuers do a lot of reverse engineering in order to decode […]