1411, 2012

DeepSec 2012 Talk: A Non-Attribution-Dilemma and its Impact on legal Regulation of Cyberwar

René Pfeiffer/ November 14, 2012/ Conference, Discussion

We asked Michael Niekamp and Florian Grunert to give an outlook on their presentation titled A Non-Attribution-Dilemma and its Impact on Legal Regulation of Cyberwar: A general challenge of cyberwar lies in the field of legal regulation under conditions of non-attribution. The optimistic view emphasizes that our international law and its underlying standards are sufficient (in principle and de facto) to solve all emerging problems. A more sceptical view postulates “the impossibility of global regulation”. Although we lean towards the sceptical view, we’ll provide a different and new line of reasoning for the impossibility of a rational legal regulation by formulating a non-attribution-dilemma. In contrast to some prominent arguments, we do not overestimate the suggestive power of the non-attribution-problem concerning the question of rational “deterrence through a threat of retaliation” (DTR for short), but

Read More

1311, 2012

DeepSec 2012 Showcase: Cuteforce Analyzer

René Pfeiffer/ November 13, 2012/ Discussion, Security

The University of Applied Sciences Upper Austria will be showing the Cuteforce Analyzer at DeepSec 2012. This beast is a massively parallel computing cluster for cryptographic applications. The goals of this project was to develop a cluster framework and to evaluate suitable hardware. The cluster itself utilises two different types of co-processors, namely the well-known graphics processing units (GPUs) also used in super-computing, and field-programmable gate arrays (FPGAs). Both types of processors have their strength and weaknesses, both depending on the algorithm being executed on the hardware. The cluster framework connects both hardware platforms, and assigns computing tasks according to the advantages of the co-processor. Thus you get to use all the advantages; in addition the framework software makes sure that you can use the different hardware processors as a whole. The research team

Read More

0811, 2012

Conference seats are running low…

Mika/ November 8, 2012/ Conference

Honestly: We have such a big interest this year, which is beyond any expectations that we might need to close our ticket sales one or two weeks before the conference. If the trend continues like past years we will exceed the capacity for the conference rooms and the restaurant.We are negotiating with the hotel and do our best to accommodate everyone who wants to attend. Booking is still open at: https://deepsec.net/register.html We have already exceeded the room contingency at our hotel, The Imperial Riding School (Renaissance Vienna Hotel), which grants an attractive room rate, incl breakfast etc… The rate is EUR115,- per night (single person) inc. all fees and taxes, inc. American breakfast and a cancellation possible until 6 PM on the arrival date. Cheaper offers on travel-booking sites typically don’t include breakfast or

Read More

0811, 2012

DeepSec 2012 Talk: Pentesting iOS Apps – Runtime Analysis and Manipulation

René Pfeiffer/ November 8, 2012/ Conference, Security

Since one of the focus topics of DeepSec 2012 deals with mobile computing and devices, we asked Andreas Kurtz to elaborate on his presentation about pentesting iOS apps: „Apple’s iPhone and iPad are quite trendy consumer devices, and have become increasingly popular even in enterprises nowadays. Apps, downloaded from the AppStore or developed in-house, are supposed to completely change and optimize the way of work. Suddenly, managers have access to business intelligence information, data warehouses and financial charts on their mobile devices: Apps are used as front ends to executive information systems and, thus, are carrying around loads of sensitive data. At a first glance it seems, that there’s nothing new on it. Indeed, it is quite common to remotely access critical business data. However, the popularity of mobile devices, combined with the sensitive

Read More

0511, 2012

Alien Technology in our Datacenters

Mika/ November 5, 2012/ High Entropy, Security, Stories

Sometimes when I watch administrators at work, especially when I start to ask questions, I get an uneasy feeling: “this is not right”. As it turns out many of the people who maintain, manage and configure IT or communication equipment don’t understand the technology they are using. At least not in depth. Mostly they have a rough idea what it’s all about but cannot explain in detail how it works and cannot predict what will happen if a few changes are made to the setup. Although I couldn’t put my finger on it I had a familiar feeling, something like a déjà-vu. Just recently when I browsed through my bookshelves it suddenly became clear: I reached for a science fiction classic, “Gateway” by Frederic Pohl which describes an alien race, the “Heechee”, which have

Read More

0511, 2012

Talk about Data Loss Prevention

René Pfeiffer/ November 5, 2012/ Security

We will be presenting a talk about data loss prevention (DLP) on 9 November 2012 at the IT-Security Community Xchange 2012 (IT-SecX 2012) in St. Pölten, Lower Austria. DLP is a good example for measuring the security of your IT infrastructure. Keeping data in is as important as keeping attackers out these days. The tricky part is to know what data you have and where it lives. We will discuss how to approach DLP in terms of preparation, planning and implementation. In case you are in Austria you can meet us at the IT-SecX 2012. The event is organised by the University of Applied Sciences St. Pölten.

0211, 2012

DeepSec 2012 Training: SAP Security In-Depth

René Pfeiffer/ November 2, 2012/ Security, Training

Your SAP installation is probably the most critical system in your company’s infrastructure. At the same time the informations accessed and processed by SAP systems origin from many sources. Securing infrastructure with this complexity is not an easy task, and testing your security measures requires a great deal of knowledge and training. In addition your will probably run web services talking to your SAP system – which is quite handy for attackers. In case you are short on knowledge about your own SAP deployment, there’s help. There will be an SAP security workshop at DeepSec 2012! The SAP Security In-Depth training will show you how to find out if your SAP infrastructure is secured. Knowing about segregation of duties and securing roles and profiles is fine in theory, but you have to make sure

Read More

0211, 2012

DeepSec 2012 Talk: Wargames in the Fifth Domain

René Pfeiffer/ November 2, 2012/ Conference

We asked Karin Kosina to illustrate her talk Wargames in the Fifth Domain: “This is a pre-9/11 moment. The attackers are plotting.” These are the words of U.S. Secretary of Defense Leon Panetta addressing business executives on the dangers of cyberwar two weeks ago in New York. And just in case this did not leave the audience scared enough, Panetta also warned about the possibility of an upcoming “cyber-Pearl Harbor”. A massively destructive cyberwar, it seems, is imminent. Or is it? Is the world really on the brink of cyberwar? Time to panic and hide in our cyber shelters? – Well, I think things are slightly more complicated than that. Before you dismiss me as a peace-loving hippie who views the world through rose-tinted glasses: There is no doubt that our emerging information society

Read More

3110, 2012

Zombies at the Hospital

René Pfeiffer/ October 31, 2012/ High Entropy, Security

It’s 31 October, so we have to talk about these zombies. You know them from the horror films. Dead, evil, and always hungry for brains (the latter also being true for any self-respecting HR department). Security researchers know a different kind of zombie. A zombie computer is a machine or device infected by a computer virus. It is considered compromised and contains additional features such as information retrieval, remote access or anything else you can put into code. Usually this is undesirable and fought with anti-virus software or (even better) strict security procedures. Now let’s combine the two types of zombies and add a spiffy virus outbreak into the mix. To go even further cinematic we use a hospital as the stage. Too unrealistic? On the contrary, hospitals do have a virus and zombie

Read More

2410, 2012

DeepSec 2012 Talk: The „WOW Effect“

René Pfeiffer/ October 24, 2012/ Conference

If you have ever been in the position of analysing the remains of a compromised system, then you will probably know that a lot of forensic methods rely on data stored in file systems. Of course, you can always look at individual blocks, too, however sooner or later you will need the logical structure of the data. The question is: Do you rely on the file system to be honest with you? What happens if the file system (with a little help from the OS around it) tricks you into believing false information? The answer is easy. Your investigation will fail. Christian Wojner from CERT.at has a presentation for you which describes the stunning „WOW Effect“ stemming from Microsoft’s WoW64 technology. WoW64 is the abbreviation for Windows 32-bit on Windows 64-bit. It allows 64-bit

Read More

2010, 2012

Groundhog Day (Not a Film Review)

Mika/ October 20, 2012/ High Entropy, Security

Recently there was a re-run of the movie “Groundhog Day” on German TV and after a while I felt a familiar feeling: Our security efforts are a lot like the story. The protagonist is caught in something like a time-loop until he gets everything right. A previously cynical, disrespecting, arrogant and selfish news reporter wakes up every morning to the same scene: The alarm clock switches to 6:00 in the morning, the radio plays “I got you babe” and the same day repeats over and over again. During the first iterations he doesn’t change his behavior, being quite a discomforting guy until he realizes that slight changes can make a big difference. He is only relieved from this situation after he gets everything right: Being nice to his former school schoolmate, changing the tires

Read More

1910, 2012

DeepSec 2012 Keynote: We Came In Peace – They Don’t: Hackers vs. CyberWar

René Pfeiffer/ October 19, 2012/ Conference

„Cyberwar“ is all the fashion these days. Everyone knows about it, everyone has capabilities, everyone has a military doctrine to deal with it. Sceptics make fun of it, politicians use it for election campaigns, security researchers wonder what’s new about it, „experts“ use it to beef up their CV, cybercrime yawns, journalists invent new words, most others are confused or don’t care (probably both). This is why DeepSec 2012 features four talks about this topic, including the keynote by Felix ‘FX’ Lindner. FX explains what you can expect from his presentation: “The issues we are facing concerning the militarization and beginning arms race in the so-called “cyber domain” are not what you might think they are. I would like to highlight two aspects of how we, the civilian hackers, in my opinion handle things

Read More

1510, 2012

DeepSec 2012 Talk: I’m the guy your CSO warned you about

René Pfeiffer/ October 15, 2012/ Conference

Social engineering has a bit of a soft touch. Mostly people think of it as “you can get into trouble by talking to strangers”, remember the “don’t talk to strangers” advice from their parents, dismiss all warnings and will get bitten by social security leaks anyway. You have to talk to people, right? You are aware that attackers will use social engineering to get past the expensive security hardware and software. Being aware is very different from being prepared. This is why we asked an expert of social engineering to give you an example of his skills. Be warned, it won’t get pretty and you won’t leave the presentation with the warm and cosy feeling that everything will be alright. To give you a sneak preview, here’s a digital letter from Gavin Ewan himself:

Read More

1410, 2012

DeepSec 2012 Talk: Passive IPS Reconnaissance and Enumeration – false positive (ab)use

René Pfeiffer/ October 14, 2012/ Conference

Once you have a network, you will have intruders. You may already have been compromised. How do you know? Right, you use proper and hard to fool monitoring tools that will always detect good and evil. If you believe this statement, then you probably never heard of the dreaded false positive, commonly known as false alarm. Sometimes a search pattern triggers, but there is no attack. Getting rid of false positives is difficult. As a side effect security researchers have explored false positives as an attack vector. Arron ‘Finux’ Finnon is presenting a new look at intrusion detection/prevention systems (IDS/IPS) and new uses for false positives. You can use false positives to better understand the security posture from an attacker’s point of view, and more importantly be used to discover security devices such as

Read More

1210, 2012

DeepSec 2012 Talk: Own the Network – Own the Data

René Pfeiffer/ October 12, 2012/ Conference

We all use networks every day. This is obvious when it comes to the Internet, but there are more networks if you use phones and other gadgets. Like it or not, these networks are a part of your infrastructure. Now you know, but attackers (and security people) knew this before. So, what can happen to your data if the network is compromised? The short answer: a lot! The long answer is given by Paul Coggin in his presentation at DeepSec 2012. Paul’s presentation discusses the security issues with the critical network architectures being deployed by service providers and utilities to support next generation network services such as IPTV, 3G/4G, smart grid, and more. There’s a lot happening behind the scenes. Once new products are announced, the stage has already been prepared. Network infrastructure security

Read More