High Entropy

Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon

Posted by on October 16, 2018 at 11:55 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.] In the FM4 fact check the sensational report by the business […]

Whatever happened to CipherSaber?

Posted by on September 11, 2018 at 10:03 am

Some of you still know how a modem sounds. Back in the days of 14400 baud strong encryption was rare. Compression was king. Every bit counted. And you had to protect yourself. This is where CipherSaber comes into play. Given the exclusive use of strong cryptographic algorithms by government authorities, the CipherSaber algorithm was meant […]

DeepSec and Tor Tickets – Update

Posted by on August 24, 2018 at 11:47 am

We wrote about the German Tor operator relay organisation Zwiebelfreunde e.V. a while ago. They were raided on 20 June 2018 by the German police in five different locations. The police was investigating a German left-wing blog and was trying to find the author of articles published there. As many of you know, Tor exit […]

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

Posted by on July 17, 2018 at 2:41 pm

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special […]

How the BND monitors Communication in Austria

Posted by on July 12, 2018 at 10:41 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.] How the BND monitors communication in Austria At the most important connection to the Frankfurt node DE-CIX data […]

Infrastructure Update – Privacy Shield, Call for Papers, DNSSEC, ROOTS, and Humidity

Posted by on July 11, 2018 at 10:22 pm

Our blog has been a bit silent in the past weeks, because we had to move some stuff around and rearrange our infrastructure. The old office had a problem with too much water. Leaking is for whistleblowers, not water pipes. Rain is fine if the water can get to the drains. If you take a […]

BSidesLondon 2018 Rookie Track Follow-Up

Posted by on June 8, 2018 at 12:44 pm

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is […]

Big Data Analytica – What Attackers might be after

Posted by on June 8, 2018 at 8:15 am

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the […]

DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

Posted by on May 25, 2018 at 3:40 pm

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. […]

#efail, Crypto, HTML, PDF, and other complex Topics

Posted by on May 14, 2018 at 3:27 pm

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more […]

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

Posted by on April 1, 2018 at 12:01 am

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

Metrics, Measurement, and Information Security

Posted by on March 28, 2018 at 3:00 pm

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should […]

The Grotesqueness of the “Federal Hack” of the German Government Network

Posted by on March 19, 2018 at 1:44 pm

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience. We will follow-up on it with an article of our own about attribution, digital warfare, security intelligence, and […]

Meltdown & Spectre – Processors are Critical Infrastructure too

Posted by on January 6, 2018 at 6:04 pm

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

Posted by on November 14, 2017 at 11:23 am

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line […]