3001, 2014

DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5

René Pfeiffer/ January 30, 2014/ Conference, Security

Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations to your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be nice if your IDS can do the job. How do you find out? Well, in theory you could use the specifications of the IDS systems as published by the vendors/developers. In practice this information lacks the most important figure: How many intrusions can you detect in a given time frame? True, you have to deal with specific signatures of attacks, so comparing isn’t easy provided you take different sets of rules. Then again some IDS engines have their own

Read More

2901, 2014

DeepSec supports BSidesLondon – join the Rookie Track!

René Pfeiffer/ January 29, 2014/ Administrivia, Conference

The next BSidesLondon on 29 April will feature a Rookie Track again. We are glad to support the event with a ticket to DeepSec 2014 and two accommodations at our conference hotel for the best rookie delivering a presentation. We will also be present at BSidesLondon to get in touch with you (and to watch all talks of the Rookie Track, of course). Supporting young talents in information security has always been on our agenda. This is why we maintain a special category of talks, the U21 slots, for speakers under 21 years of age. Conferences are meant to exchange ideas and to present new perspectives. IT security is all about creativity and thinking outside the box. We have seen lots of promising content from young infosec researchers while encouraging them to submit to

Read More

2901, 2014

DeepSec 2013 Video: Hacking Medical Devices

René Pfeiffer/ January 29, 2014/ Conference, Security

Modern technology expands into various areas of our lives all by its own. Medical facilities also use networks and networked devices. This makes sense since monitoring vital signs creates data you want to transport to your staff. Regardless of the technology used, once you expose the device to the outside world it needs to be hardened against tampering and abuse. The U.S. Food and Drug Administration (FDA) is aware of this issue and has published a recommendation regarding the security of medical devices. „…manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks…” At DeepSec

Read More

2801, 2014

DeepSec 2013 Video: Building The First Android IDS On Network Level

René Pfeiffer/ January 28, 2014/ Conference

Did you know that you can do more than playing Angry Birds on your smartphone? You can get attacked for example. Since your smart phone is Turing complete, you can do what you want. Jaime Sánchez presented the first Android Intrusion Detection System at DeepSec 2013. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. This is a reason to deploy security software on these devices, too. With the help of custom built signatures, Jaime’s framework can also be used to detect probes or attacks designed for mobile devices, fool and cheat operating system fingerprinting attempts. Have a look!

2701, 2014

DeepSec 2013 Video: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

René Pfeiffer/ January 27, 2014/ Conference, Security

Ever since intrusion detection systems were put into operation, attackers have found ways to evade discovery. So what can you expect from the wonderful tools that are designed to detect intrusions? If you are looking for metrics which can easily compared and have a connection to your typical production environment, then you are mistaken. There is no such thing as a magical box, ready to be installed to solve all your intrusion problems. Arron ‘Finux’ Finnon of Alba13 Labs held a presentation at DeepSec 2013 about this topic. He illustrated the evasion techniques used and discussed the history of IDS/IPS systems. If you follow the talk closely, you will understand why detection systems like IDS/IPS can work, but why they’re set to fail all at the same time.

1901, 2014

DeepSec 2013 Video: Cracking Open “Secure” Android Containers

René Pfeiffer/ January 19, 2014/ Conference

Cell phones, especially the smart ones, become more and more part of your company’s infrastructure. These devices accumulate software (a.k.a. „apps“), authentication tokens, passwords, and a lot of data worthy of protection. While smartphone systems have their own protection mechanisms, not every one of them might work reliably. Chris John Riley explains in his presentation held at DeepSec 2013 why „secure“ containers on Android phones might not be as secure as advertised. Please make sure that you show this presentation to anyone riding the „BYOD“ train. You might want to rethink what you let your users put on their phones.

1701, 2014

DeepSec 2013 Video: Cracking And Analyzing Apple iCloud Protocols

René Pfeiffer/ January 17, 2014/ Conference

The „Cloud“ has been advertised as the magic bullet of data management. Basically you put all your precious eggs into one giant basket, give it to someone else, and access your data from everywhere – provided you have a decent Internet connection. Since someone else is now watching over your data, you do not always know what protocols and security measures are in place. Few „cloud“ solutions publish what they actually do. Apple’s iCloud system is no different. Vladimir Katalov (ElcomSoft Co. Ltd.) explained in his talk at DeepSec 2013 how the iCloud protocol works and how you can develop your own clients to access your own data in Apple’s „cloud“ infrastructure. His reverse-engineering work is based on publicly available information. Have a look!

1501, 2014

DeepSec 2013 Video: spin – Static Instrumentation For Binary Reverse-Engineering

René Pfeiffer/ January 15, 2014/ Conference

Reverse engineering is a fundamental tool of information security research. The news coverage of the past year have given black boxes a bad name. David Guillen Fandos introduces methods for binary reverse-engineering in his presentation at DeepSec 2013. Binary instrumentation is used for performance evaluation, CPU emulation, tracing, and profiling. It can also be used for malware and threat analysis. David’s tool called spin is able to characterize and identify security-critical functions by applying conditions. If you are into reverse engineering or simply are curious, take a look at the video from his talk:

1401, 2014

DeepSec 2013 Video – Relax Everybody: HTML5 Is Securer Than You Think

René Pfeiffer/ January 14, 2014/ Conference

A lot of tags have been created since the 1980s when the foundation of the modern World Wide Web was born. HTML5 is being deployed on servers around the world. Just like the many 802.11xyz wireless standards it is being used before the stable standard has been released by the W3C. Moving targets attract all kinds of developers and information security enthusiasts. This is why we invited Sebastian Lekies of SAP to hold a presentation about HTML5. He systematically explores security relevant HTML5 APIs and summarises what web developers need to know when designing, implementing and deploying web applications. We will see at DeepSec 2014 if HTML5-based sites will be still featured in talks. ☺

1301, 2014

DeepSec 2013 Video: Psychology of Security – a Research Programme

René Pfeiffer/ January 13, 2014/ Conference

The DeepSec 2013 keynote presentation featured the cultural background of China in order to better understand the news about impending „cyber doom“. The past year has shown that you need a lot more than hands-on information security if you want to make sense of incidents. Next to history and culture there is psychology. In his talk at DeepSec 2013 Stefan Schumacher make a good case for combining psychology and the scientific approach with topics of information security. Watch his talk online!

0201, 2014

Applied Crypto Hardening (ACH) Project

René Pfeiffer/ January 2, 2014/ Communication, Security

DeepSec 2013 featured a talk about the Applied Crypto Hardening (ACH) project. In the wake of the discussion about attacks on cryptography itself and implementations of cryptographic standards almost every aspect of encrypted communication needs to be reviewed. Since system administrators, developers, and other IT staff usually has not the same expertise as crypto experts, the ACH project was formed. Its goal is to compile a reference for the best practice configuration of systems that use cryptographic components. The ACH guide covers SSL/TLS, virtual private network (VPN), algorithms, key sizes, (pseudo) random generators, and more. The advice is targeted at everyone seeking to improve the cryptographic capabilities of software and appliances. Hardening crypto is part of the basic security measures everyone should take care of. It needs to become a habit, just like everything

Read More

3112, 2013

DeepSec wishes you a Happy New Year 2014!

René Pfeiffer/ December 31, 2013/ Misc

The DeepSec team wishes you a Happy New Year 2014! We hope that you will put your ideas for the coming 12 months into reality. We have some New Year’s resolutions as well, and we hope to implement them in the months to come. Supporting rookie security researchers and fostering the scientific approach to, well, research in information security. If you call yourself a researcher, then you should employ scientific methods. It’s simple, and we will explain in ample depth what this is all about. Don’t party too hard! 😉 There’s work to be done.

2012, 2013

DeepSec 2013 Keynote – “Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec”

René Pfeiffer/ December 20, 2013/ Conference

Our video team gave us an early Christmas present, fresh from the rendering farm. The keynote of DeepSec 2013 by Wim Remes is already online. His keynote talk puts information security into a broader context. More often than not blaming China seems to be an easy way to “explain” digital attacks or to silence legitimate questions. Wim explores the cultural side and history in order to improve what we know about the context. Since the Internet is a global network information security experts need to broaden their horizon. For every complex problem there is an answer that is clear, simple, and wrong. Attacks, persistent or not, can become complex, and dealing with the attribution problem is definitely no easy task. We heard about it at past DeepSec conferences. So enjoy Wim’s talk, have some

Read More

1212, 2013

Recordings and Slides from DeepSec 2013

René Pfeiffer/ December 12, 2013/ Administrivia, Conference

We are still dealing with the administrative tasks of DeepSec 2013, and we would like to give a short update on the publication of the slides. We have published all PDFs from the talks on our web server. Some speakers are still refining their documents. We will add them to the collection as soon as we get the files. There are audio and video recordings as well. Both are in post-production in order to ensure that the content is ok and everything works (we had some troubles with broken media files and storage containers in the past). We will put the audio recordings on our web site, too. The videos will be published on our Vimeo account soon. So, thank you for attending and speaking at DeepSec 2013! We hope to see you again

Read More

2111, 2013

DeepINTEL 2014 – 3rd Security Intelligence Conference – Call for Papers is open!

René Pfeiffer/ November 21, 2013/ Administrivia, Call for Papers, Security Intelligence

Good news everyone, there will be a DeepINTEL conference in 2014, and we are looking for presentations! DeepINTEL 2014 will be held in September at the same location as in 2013. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. If you have questions on this, please contact us directly via deepsec@deepsec.net or the contact information given on our web site. Here is the Call for Papers for DeepINTEL 2014:

Read More