Internet

DeepSec 2018 Talk: IoD – Internet of Dildos, a Long Way to a Vibrant Future – Werner Schober

Posted by on September 26, 2018 at 8:35 am

The Internet of Things has grown. Interconnected devices have now their own search engine. Besides power plants, air conditioning systems, smart (or not so smart) TV sets, refrigerators, and other devices there are a lot smaller and more personal things connected to the Internet. Your smartphone includes a lot of personal conversations, most probably pictures, […]

DeepSec 2018 Talk: Global Deep Scans – Measuring Vulnerability Levels across Organizations, Industries, and Countries – Luca Melette & Fabian Bräunlein

Posted by on September 25, 2018 at 8:45 am

Metrics are plentiful, but they are hard to come by when it comes to meaningful numbers. This is why we were amazed by the submission of Luca Melette and Fabian Bräunlein. Why? This is why: “We introduce global deep scans that provide insights into the security hygiene of all organizations exposed to the Internet. Our […]

DeepSec 2018 Talk: Building your Own WAF as a Service and Forgetting about False Positives – Juan Berner

Posted by on August 30, 2018 at 12:10 pm

When a Web Application Firewall (WAF) is presented as a defensive solution to web application attacks, there is usually a decision to be made: Will this be placed inline (and risk affecting users due to outages or latency) or will it be placed out of band (not affecting users but not protecting them either). In […]

DeepSec and Tor Tickets – Update

Posted by on August 24, 2018 at 11:47 am

We wrote about the German Tor operator relay organisation Zwiebelfreunde e.V. a while ago. They were raided on 20 June 2018 by the German police in five different locations. The police was investigating a German left-wing blog and was trying to find the author of articles published there. As many of you know, Tor exit […]

Secret Router Security Discussion in Germany

Posted by on January 26, 2018 at 11:10 am

Routers are the main component when it comes to connect sites, homes, and businesses. They often „just“ take care of the access to the Internet. The firewall comes after this access device. The German Telekom suffered an attack on their routers on 2016. The German Federal Office for Information Security now tries to create a […]

Google supports DeepSec 2017

Posted by on October 12, 2017 at 10:09 am

You have probably heard of Google. Well, you will be hearing more from them if you come to DeepSec 2017. They have agreed to support our conference. They will be on site, and you will be able to talk to them. Every year we aim to give you opportunities for a short-cut, for exchanging ideas, […]

DeepSec 2017 Talk: BITSInject – Control Your BITS, Get SYSTEM – Dor Azouri

Posted by on October 8, 2017 at 8:30 am

Microsoft has introduced the Background Intelligent Transfer Service (BITS) into Windows 2000 and later versions of the operating system. Windows 7 and Windows Server 2008 R2 feature the version 4.0 of the protocol. BITS is designed to use idle bandwidth in order to transfer data to and from servers. BITS is an obedient servant, and […]

DeepSec 2017 Talk: Uncovering And Visualizing Botnet Infrastructure And Behavior – Andrea Scarfo & Josh Pyorre

Posted by on September 28, 2017 at 8:45 am

When you read about information security, then you might get the impression that there are lots of nameless threats Out There™. Especially when it comes to networked malicious software, i.e. malware, that forms robot armies, the picture gets a lot more vague and foggy. So you need to get some details to sharpen your view. […]

DeepSec 2017 Talk: Next-Gen Mirai Botnet – Balthasar Martin & Fabian Bräunlein

Posted by on September 27, 2017 at 10:17 am

While you were living in a cave, devices took over the world and got connected to the network. This is the state of affairs we live in right now. As long as nothing happens we don’t notice anything about it. The Mirai (未来) botnet changed this all of a sudden. Consumer devices were drafted into […]

Mythbusting: Anti-Virus Research considered dangerous

Posted by on August 18, 2017 at 11:31 am

Everyone doing research in information security or doing any work in this field takes some risks. Since most of the „cyber stuff“ is black magic to others not working in this context, there are a lot of problems and severe misunderstandings. The Crypto Wars still haven’t been decided in favour of mathematics. Real people prefer […]

Malicious Software explores new Business Models – Politics

Posted by on July 19, 2017 at 2:25 pm

Malicious software has become a major component of criminal business and geopolitics. In addition it is a convenient explanation for anything one does not want to investigate. Since code always come from somewhere you have to ask yourself many more questions when it comes to infected networks and compromised hosts. What is the agenda of […]

ROOTS 2017, DeepSec, and DeepINTEL Call for Papers are still open

Posted by on June 26, 2017 at 2:38 pm

Our wonderful world of technology is full of surprises, bugs, intentional weaknesses, adversaries, defenders, vendors, and users. Some software just got more lines of code instead of a decent audit or refactoring. Everything is turning smart, but no one knows what smart really means. Big Data is all the fashion, Big Knowledge still isn’t. So […]

Applied Crypto Hardening Project is looking for Help

Posted by on April 25, 2017 at 1:55 pm

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

Putting the Context into the Crypto of Secure Messengers

Posted by on January 21, 2017 at 9:15 am

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case for email Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys […]

Scanning for TR-069 is neither Cyber nor War

Posted by on November 30, 2016 at 10:53 pm

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]