High Entropy

Translated Article: Campaign of the Spy Alliance “Five Eyes” against WhatsApp and Co

Posted by on January 8, 2019 at 10:23 am

Feldzug der Spionageallianz „Five Eyes“ gegen WhatsApp und Co for fm4 by Erich Moechel The current scattered news and reports on “encryption” belong together. The military secret services of the “Five Eyes” conduct a global campaign; in Australia they’ve already reached their first milestone. Every two years, around the same time, a campaign of the espionage […]

Analysing Data Leaks and avoiding early Attribution

Posted by on January 4, 2019 at 3:25 pm

The new year starts with the same old issues we are dealing with for years. German politicians, journalists, and other prominent figures were (are) affected by a data leak. A Twitter account started tweeting bits from the leaked data on 1 December 2018 in the fashion of an Advent calendar. The account was closed today. […]

Merry XSSmas and a successful new mktime() Syscall

Posted by on December 21, 2018 at 2:43 pm

The holidays are coming, next to Winter (hopefully). Thank you all for attending and contributing to DeepSec and DeepINTEL 2018! All slides we got are online. The videos have almost left post-production (except one recording which is being fixed audio-wise) and are on the way to the content distribution network. The ROOTS videos will be […]

Encryption, Ghosts, Backdoors, Interception, and Information Security

Posted by on December 20, 2018 at 3:54 pm

While talking about mobile network security we had a little chat about the things to come and to think about. Compromise of communication is a long time favourite. Hats of all colours need to examine metadata and data of messages. Communication is still king when it comes to threat analysis and intrusion detection. That’s nothing […]

Binary Blob Apocalypse – Firmware + Cryptography = less Security

Posted by on November 6, 2018 at 2:06 pm

A couple of years ago we had a chat with one of our sponsors, Attingo. They are specialised in data recovery from all kinds of media and in all kinds of conditions. Since vendors keep secrets from the rest of the world, the data rescuers do a lot of reverse engineering in order to decode […]

Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon

Posted by on October 16, 2018 at 11:55 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.] In the FM4 fact check the sensational report by the business […]

Whatever happened to CipherSaber?

Posted by on September 11, 2018 at 10:03 am

Some of you still know how a modem sounds. Back in the days of 14400 baud strong encryption was rare. Compression was king. Every bit counted. And you had to protect yourself. This is where CipherSaber comes into play. Given the exclusive use of strong cryptographic algorithms by government authorities, the CipherSaber algorithm was meant […]

DeepSec and Tor Tickets – Update

Posted by on August 24, 2018 at 11:47 am

We wrote about the German Tor operator relay organisation Zwiebelfreunde e.V. a while ago. They were raided on 20 June 2018 by the German police in five different locations. The police was investigating a German left-wing blog and was trying to find the author of articles published there. As many of you know, Tor exit […]

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

Posted by on July 17, 2018 at 2:41 pm

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special […]

How the BND monitors Communication in Austria

Posted by on July 12, 2018 at 10:41 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.] How the BND monitors communication in Austria At the most important connection to the Frankfurt node DE-CIX data […]

Infrastructure Update – Privacy Shield, Call for Papers, DNSSEC, ROOTS, and Humidity

Posted by on July 11, 2018 at 10:22 pm

Our blog has been a bit silent in the past weeks, because we had to move some stuff around and rearrange our infrastructure. The old office had a problem with too much water. Leaking is for whistleblowers, not water pipes. Rain is fine if the water can get to the drains. If you take a […]

BSidesLondon 2018 Rookie Track Follow-Up

Posted by on June 8, 2018 at 12:44 pm

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is […]

Big Data Analytica – What Attackers might be after

Posted by on June 8, 2018 at 8:15 am

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the […]

DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

Posted by on May 25, 2018 at 3:40 pm

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. […]

#efail, Crypto, HTML, PDF, and other complex Topics

Posted by on May 14, 2018 at 3:27 pm

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more […]