1407, 2016

The Internet of Threats revisited

René Pfeiffer/ July 14, 2016/ Communication, High Entropy, Internet

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network hasn’t been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I haven’t even talked about the information security aspect yet. Let’s take a step back into 1995/1996. Those were the days of the first browser wars. Jamie Zawinski has a quote of the Law of Software Envelopment on his web site. Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can. The proof of concept was undertaken by creating the Netscape Mail and News client. Processing email once

Read More

2406, 2016

Early Birds, save the Date! BSidesVienna has opened the Call for Papers!

René Pfeiffer/ June 24, 2016/ Call for Papers, Conference

Grab your calendars, you have to be in Vienna on 12 November 2016! BSidesVienna is accepting your submissions for an awesome community conference. The range of topics is wide, so don’t ask yourself “Is this interesting or not?” – just submit and come to Vienna in November! While you are preparing your submission, you might want to make some extra space in your calendar for DeepSec 2016. The submission we got so far look great. Crypto, the Internet of Stuff (IoT), exploit labs, pentesting training, and more waits for you. Make sure you get the Early Bird prices for your tickets!

1806, 2016

DeepSec welcomes Google as Sponsor for the next Conference

René Pfeiffer/ June 18, 2016/ Administrivia, Conference

We are proud and happy to announce Google as sponsor for DeepSec 2016! Google has been a supporter of DeepSec in the past. While we may not need to introduce Google to you, we would like to point out that they have a very capable security team and that members of their researchers have held presentations at DeepSec conferences. Google staff is often around, so take the advantage and talk to them.

1706, 2016

DeepSec welcomes SEC4YOU as Conference Sponsor!

René Pfeiffer/ June 17, 2016/ Conference

DeepSec would not be possible without the support from sponsors. So we welcome SEC4YOU as sponsor for the next DeepSec 2016! SEC4YOU offers services regarding advanced auditing, penetration testing, and vendor-agnostic IT security consulting. SEC4YOU experts support your team when it comes to test and to implement security measures. Especially when it comes to compliance requirements, you will need assistance to make sure that nothing goes wrong. SEC4YOU’s portfolio covers IT security analysis (dealing with risks and threats to your organisation), auditing, ISO 27001 certification (with or without BSI standards), creation of security policies, risk management, information security management system (ISMS), internal government and revision processes. Their experts are well-versed with clients from internal auditing, accounting/controlling, information technology, data protection, risk/compliance management, and information security. Plus they like hackers! Make sure you have a

Read More

1306, 2016

DeepSec 2015 Slides: Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks! Much Slides! Very Animated! Wow!

Sanna/ June 13, 2016/ Conference, Security

The presentation titled Bridging the Air-Gap – Data Exfiltration from Air-Gap Networks was held at DeepSec 2015. Since the presentation format was not meant to be printed or viewed with generic documents viewers, the slide deck had to be converted. The slides in PDF format can be downloaded from this link: https://drive.google.com/file/d/0B_dwBl7uf6PdRndDa1Rad1dMdFk/view?usp=sharing For an animated version of the slides, use one of these links: http://prezi.com/mrzzjpzgvcr8/?utm_campaign=share&utm_medium=copy or in short http://goo.gl/mpCNWC Mind the gap and enjoy!

1206, 2016

DeepINTEL 2016 – Save the Date for Security Intelligence

René Pfeiffer/ June 12, 2016/ Administrivia, Security Intelligence

Analysing threat intelligence hasn’t been more important. We all know that bad things will happen. That’s not the issue to worry about. You should spend some thoughts on why something happens, what methods are involved, and what your adversaries look like on the inside. Defending your assets is much more than using a fence, some doors, and badges for your employees. We would like to welcome you to DeepINTEL to discuss security intelligence in-depth. The DeepINTEL 2016 has been moved. Save the new date; DeepINTEL will take place on 20/21 September. The location hasn’t changed, and good weather has been ordered. Make sure you order your tickets!

1106, 2016

BSidesLND2016 Rookie Track Review

René Pfeiffer/ June 11, 2016/ Discussion, Security, Stories

Sitting through the Rookie Track at BSidesLondon is something we really enjoy. This year the quality of the presentations was amazing. Of course, the rookie’s mentors take a part of the blame for that. Good training gives you always a head start. Nevertheless someone has to stand in front of the crowd and fill the 15 minutes slot with content. All rookies did a good job. It was hard to pick a clear winner. The jury took more than three iterations to find a conclusion. Locard made it, and we welcome him to DeepSec 2016 in November. Honourable mentions go to @Shlibness, @Oxana_Sereda and @callygarr. For you we have some thoughts on the presentations we saw and on the methods being used. Think of your presentation as code. Make it lean and mean. It’s

Read More

0406, 2016

BSides London 2016 – Schedule

René Pfeiffer/ June 4, 2016/ Conference, Security

In case you haven’t noticed, the London BSides schedule is up. The Rookie track starts right with the most important part of information security – opsec. Behaviour is on a par with expensive security hardware and your favourite protection software. Wearables, video games, hidden data, malware mythbusting, and more follow next. The main schedule features presentations about the impact of TOR/I2P traffic to your servers (think or best forget about CloudFlare), methods used by options advanced attackers, attacking Low Powered Wide Area Network (LPWAN) devices used for smart / IoT stuff, malicious software, static code analysis, threat analysis, the temptation of containers, and honey pots. There’s ample of content for everyone looking for new ideas. Don’t miss the opportunity!

2005, 2016

BSidesLondon 2016 – Rookie Track Edition

René Pfeiffer/ May 20, 2016/ Conference, Discussion

The Security BSides London 2016 is coming up. Next month you will have the chance to see presentations all around topics in information security. The schedule will be published soon. Gathering from the talks of past events you will not be disappointed. We will be present to watch over the Rookie Track. Young talents in terms of presentation experience will tell you about selected subjects covering security issues on software, administration, policies, hardware, or social interaction. The Rookie Track is unique among InfoSec events. It is a stage where the presenters can tell their ideas to an audience. They are supported by mentors who guide the content and the presenter from idea to the 15 minutes on stage. The Rookie Track was born out of the fact that a lot of people in information

Read More

1805, 2016

The Didactic Side of Information Security

René Pfeiffer/ May 18, 2016/ Discussion, High Entropy

Explaining complicated topics with a lot of dependencies is hard. Even the operation of devices such as computers, telephones, or cloud(ed) applications can’t be described in a few sentences. Well, you can, if you use the tried and true lie-to-children method coined by Jack Cohen and Ian Stewart. If you really want to dive into a subject, you need a good start and a tour guide who knows where the terrain gets rough and helps you through it. Information technology and its security is hard to learn. The basics are surprisingly simple. Once you get to the implementation and the actual parts that need to be touched, it gets a lot more complicated. Modern IT combines various technologies, most taken from computer science, others taken from other fields of research. The starting point defines

Read More

1504, 2016

DeepSec 2016 Call for Papers is officially open!

René Pfeiffer/ April 15, 2016/ Call for Papers, Conference

DeepSec 2016 is coming! We have set up the Call for Paper manager to accept your submissions for talks and workshops. Keep the „cyber“ distractions low, maximise content. DeepSec is all about hard facts and solid research. The Internet of Stuff/Things has gained momentum. Given the current IoT security designs, this technology will keep security researchers busy for decades  to come. Tell us how to break the smart home of the future. The Crypto Wars are on again. Forget quantum computers! Think about how crypto will work in the age of golden keys and backdoor privileges. Of course you can also talk about the state of cryptography and post-quantum algorithms. DeepSec has always had a decent crypto content. We will give you some more ideas on what to submit in the course of the

Read More

1404, 2016

Thoughts on Lawful Malicious Software and its Impact on IT Infrastructure

Sanna/ April 14, 2016/ Interview, Press, Security

During the premiere of „A Good American“ we had a chat with journalists. Markus Sulzbacher of Der Standard wanted to know what the implication of the so-called Bundestrojaner (litterally federal trojan, the colloquial German term for the concept of inserting government malware in order to extract information from a suspect’s computer and telephone devices). The idea is to infect a computer system with malicious software that sits in the background and to siphon off the hard-to-get data connected to communication (i.e. messengers, Skype, emails, etc.). We have translated the interview from German to English for you. You can find the original on Der Standard web site. Der Standard 12.04.2016 “The federal Trojan is governmental malware” Police praise the software as a “wonder weapon against terror”. But for IT expert René Pfeiffer the planned introduction

Read More

0504, 2016

Return of the Penguin Challenge – ELF (?) Binary (?)

René Pfeiffer/ April 5, 2016/ High Entropy

Our friends from BSidesLondon have set up a challenge for you. It’s a little ELF binary with some odd properties. That’s all we will tell you. Have a look for yourself. In case you are forensically inclined, we might have a little Call for Papers email for you. There is a lot of strange code around in the Internet and other networks. Decoding what code does without getting your san(d)box blown apart is a fine art. We are interested in getting in touch with researchers in the field of malicious software and digital forensics. Software developers need to know what you have seen. So if you got some ideas, research, or interesting content, drop us your email address.

0104, 2016

FBI, NSA, DoD and CDC join forces to combat Cyber Pathogens

René Pfeiffer/ April 1, 2016/ Discussion, High Entropy

The world economy is threatened by a new strain of microorganisms. These so-called cyber pathogens spread via networks and the touch of digital devices. They can also lie dormant for days and months, only to spring to life when the victim’s immune system is at its weakest point. It is widely believed that cyber pathogens can infect the population of a whole country and wipe it completely off the grid of the Earth. Current antidotes can only treat the symptoms. The best way to get rid off the pathogens is to resort to physical means and destroy every surface it can cling to. Amputation of infected tissue also works. Unless security researchers will find a suitable vaccination soon, every single one of us is at risk. The cyber pathogen threat is the reason for

Read More

1503, 2016

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

René Pfeiffer/ March 15, 2016/ Call for Papers, Conference, Security Intelligence

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director Admiral Michael Rogers told the audience of the RSA Conference 2016 that the NSA cannot counter the digital attacks it faces on its own. GCHQ, the NSA’s British counterpart, has publicly stated that the £860m budget to counter digital adversaries is not sufficient to defend Britain’s digital assets. Modern digital defence needs a sound foundation of data to base decisions on. You can neither combat a forest fire or an infectious disease by blindly throwing money at it. You

Read More