1910, 2013

DeepSec 2013 Talk: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

René Pfeiffer/ October 19, 2013/ Conference, Security, Stories

The SANS Institute offers the article The History and Evolution of Intrusion Detection in its Reading Room. The article was published in 2001. It starts with the phrase „during the past five years…“. We now have 2013. Why is it important to examine the history of a technology which certainly is well established and widely deployed in information security? Well, first of all even to this day many people have a problem with what intrusion detection really is. Detecting an intrusion is not the same as intrusion detection. Secondly not everything marketed as intrusion detection system really detects intrusions. How can this be? The answer can be found by attending Arron „Finux“ Finnon‘s Historical Tour Of IDS Evasion, Insertions, and Other Oddities at DeepSec 2013. He will address the history of intrusion detection along the lines

Read More

1710, 2013

DeepSec 2013 Talk: Pivoting In Amazon Clouds

René Pfeiffer/ October 17, 2013/ Conference, Internet

The „cloud“ infrastructure is a crucial part of information technology. Many companies take advantage of outsourced computing and storage resources. Due to many vendors offering a multitude of services, the term „cloud“ is often ill-defined and misunderstood. This is a problem if your IT security staff needs to inspect and configure your „cloud“ deployment with regards to security. Of course, virtualisation technology can be hardened, too. However the „cloud“ infrastructure brings its own features into the game. This is where things get interesting and where you have to broaden your horizon. Andres Riancho will show you in his talk Pivoting In Amazon Clouds what pitfalls you can expect when deploying code and data in the Amazon Cloud. Classical security tests won’t be enough. The Amazon Elastic Compute Cloud (EC2) is more than just virtual

Read More

1610, 2013

DeepSec 2013 Talk: From Misconceptions To Failure – Security And Privacy In The US Cloud Computing FedRAMP Program

René Pfeiffer/ October 16, 2013/ Conference, Security

The „Cloud“ doesn’t stop when it comes to government data. Once government authorities play with outsourcing a lot more regulations need to be reviewed. Mikhail Utin talks about new results and a continuation of his last presentation at DeepSec conference: Our second presentation at DeepSec on so named “Cloud Computing” (CC) and associated services (CCS) considers practical implementation of the “concept” by US government in its FedRAMP program, which is expected to convert all the government IT services into “cloud” based ones. Our first (DeepSec 2012) presentation considered whether such “concept” is useful to protect privacy and implement such regulation as EU General Data Protection Regulation (GDPR) proposal. In fact, we have shown that CC is a misleading terminology, providing a confusing name to describe well-known IT infrastructure, which is little more than a

Read More

1510, 2013

DeepSec 2013 Talk: The Economics Of False Positives

René Pfeiffer/ October 15, 2013/ Conference

Ever since networks got attacked the victims have thought of ways to detect and prevent attacks. Packet filters were the first idea. Closing a port meant to worry less about applications listening on them. So the trouble of protecting moved to the services that were still exposed. Filtering got more complex, protocols were inspected, signatures were introduced, intrusion detection systems were born. Great – but the attacks didn’t disappear. Instead you got alerts, a lot of them. Some were caused by real attacks, some were false alerts. Enter false positives. Setting off false alarms is a tried and true military tactic. After a couple of false alarms the sentries will probably be less alert. Translated to information security this means that alerts (and log files) will be ignored after a couple of false alerts.

Read More

1110, 2013

DeepSec 2013 Workshop: Exploiting Web Applications Protected By $WAFs

René Pfeiffer/ October 11, 2013/ Conference, Security, Training

We all use web applications on a daily basis. Search engines, portals, web sites, blogs, information pages and various other content accessible by web browsers accompany us every day. This means that web server are the first exposed systems you will have to protect when deploying web applications. Usually you would add filters to your network that inspect access to the software and block any malicious requests. Packet filters were the tool of choice. Now we have application level firewalls to deal with content and protocols used. In the case of web applications the market has introduced a new kind of device: the web application firewall (WAF). In theory WAFs understand HTTP and know how a web browser talks to a web server. In practice no two web applications are alike, because they may

Read More

1010, 2013

Changes to the DeepSec 2013 Schedule – two new Talks

René Pfeiffer/ October 10, 2013/ Administrivia, Conference

We had to change the schedule for the DeepSec 2013 conference slightly. Unfortunately two talks were cancelled, because the speakers could not confirm their presence. We are sorry to hear that, but every one of us know Real Life Interference™ can bust the best of plans. We have replaced the talk slots with submissions by other speakers. We will hear about Uncovering your trails – Privacy issues of Bluetooth Devices by Verónica Valeros & Garcia Sebastian. Bluetooth capabilities are pretty widespread and can be found in devices all over the world – and your workplace, of course. To quote Sheldon Cooper: „Everything is better with Bluetooth.“ And so is attacking devices and leaking information about users and devices. The second talk is pending a description and will be announced in short on our Twitter

Read More

1010, 2013

DeepSec 2013 Talk: The Boomerang Effect – Using Session Puzzling To Attack Apps From The Backend

René Pfeiffer/ October 10, 2013/ Conference, Security

In past centuries attackers used battering rams to break down doors and siege artillery to blast holes into solid fortification walls. These were very tedious undertakings, so using alternate routes – possibly back-doors – were always highly regarded. Nowadays wonderful World of „Cyber“™ is no exception. The modern web-obsessed infrastructure has seen web browsers in local networks being compromised to access web-based back-end systems (through DNS rebinding attacks for example). Management consoles are a prime target, because once you gain access you probably can make the most out of elevated privileges. What about turning the back-end around and attack applications by it? Shay Chen has explored this attack vector and will present details in his talk at DeepSec 2013. Applications security mechanisms, secure software development processes, web application firewalls – collections of countermeasures that turn hacking

Read More

0410, 2013

DeepSec 2013 Workshop: Attacks On GSM Networks

René Pfeiffer/ October 4, 2013/ Conference, Security, Training

Mobile phone networks have penetrated even the most remote areas of the Earth. You can send a tweet from Mount Everest if you like, the cell service is already there. In addition mobile phone networks feature 6 billion subscribers all over the world. Communication by mobile devices has entered the routine of daily life. It’s not all about talking. Smartphone, laptops, tablets and modems access the Internet by mobile phone networks. And as every security specialist knows: If there’s a network, then there are protocols, and these protocols can be attacked. True, it’s not as easy as TCP/IP since mobile phone networks feature sets of more complex protocols. Nevertheless these networks can be accessed, and you cannot block it. This is why you should get in touch with the threats to your organisation. DeepSec

Read More

0310, 2013

DeepSec 2013 Keynote: Geopolitics and the Internet – the Meaning of “Hegemony”

René Pfeiffer/ October 3, 2013/ Conference, Discussion, Internet

Most of us think of the Internet as a place where the world virtually gathers and communicates without boundaries. It is regarded as a „virtual“ space where the confinement by borders of nation states is blurred by digital connectivity. People from all over the globe communicate with each other and form a truly cosmopolitan community. The trouble in paradise starts when countries switch off access to the Internet or prosecute whistle-blowers. Given the ever present notion of „cyber“ war we need to discuss geopolitics. It seems that the USA heavily dominates the Internet and regards it as its territory. Marcus Ranum will address the idea of hegemony and the USA with regards to the Internet in his keynote for the DeepSec 2013 conference: So, the topic is “the meaning of hegemony” – what does

Read More

2609, 2013

DeepSec 2013 Workshop: Developing and Using Cybersecurity Threat Intelligence

René Pfeiffer/ September 26, 2013/ Conference, Security Intelligence, Training

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a sheer endless supply of application level gateways (formerly know as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just stay away from the fancy stuff), and all kinds of Big Data applications that can turn shoddy metrics into beautiful forecasts of Things to Come™ (possibly with a Magic Quadrant on top, think cherry). What could possibly go wrong? Well, it seems attackers still compromise systems, copy protected data, and get away with it. Security often doesn’t „add up“, i.e. you cannot improve your „security performance“ by buying fancy appliances/applications and piling them on top of each other. What

Read More

2509, 2013

Workshops at DeepSec 2013 – One/Two Days and Dates

René Pfeiffer/ September 25, 2013/ Administrivia, Conference, Training

In case you are interested in attending a training at DeepSec 2013: We have changed the standard two day format for two of the nine workshops. The „Social Engineering Awareness Training“ and the „Secure Your Business By Business Continuity Plans“ workshops are the only courses that will be held for one day. The dates are: 19 November 2013 for the „Social Engineering Awareness Training“ 20 November 2013 for the „Secure your Business by Business Continuity Plans“ workshop We will add the dates to the ticket categories accordingly.

2509, 2013

DeepSec 2013 Workshop: Social Engineering Awareness Training – Win A Free Ticket!

René Pfeiffer/ September 25, 2013/ Conference, Training

“If a tree falls in a forest and no one is around to hear it, does it make a sound?” You probably know this question. It’s a philosophical thought experiment questioning observation and knowledge of reality. There is a similar gedankenexperiment for information security: “If your organisation receives a spear phishing e-mail and no one is around to read it, does it create a security breach?” Communication is essential for everyone these days. If you run a business, you are forced to deal with communication on a daily basis. This didn’t start with the Internet. The telephone was first, and before there were letters and all kinds of ways to relay word from A to B. It’s a good idea to go back in time to avoid being distracted by technology but Trojan Horses

Read More

2309, 2013

DeepSec 2013 Workshop: Secure your Business by Business Continuity Plans

René Pfeiffer/ September 23, 2013/ Conference, Training

Quite a lot of companies stay in business, because they operate continuously and reliably. Few have the luxury to close shop for an extended period of time. If you do, then you are either fabulously successful or in deep trouble. Regardless of what you have in mind for your enterprise you should think of implementing a business continuity plan (BCP) sooner or later. Since designing and implementing a BCP is no piece of cake, we offer you a one day training at DeepSec 2013 where you can get started. The workshop will be conducted by Michel Wolodimiroff, who has over 25 years of experience in dealing with information technology. He will walk you through all bad dreams  of failing infrastructure, data loss, compromised systems, and worse catastrophes you might not even have thought of.

Read More

2209, 2013

DeepSec 2013 Schedule is Final!

René Pfeiffer/ September 22, 2013/ Administrivia, Conference, Schedule

The schedule for DeepSec 2013 is final. We had to rearrange some talks, because not all of the speakers we selected confirmed their appearance (that’s real life interference; we hope to see them at some future DeepSec events). The topics look great! We hope you get as much restless nights worrying about your data and infrastructure as we do! ☺ The workshop line-up is especially impressive. It now features 9 trainings in total. Two of the trainings are one day courses, so it might be easier to convince your workload to squeeze some lectures by experts into your busy schedule. This year’s workshops allow you to learn about attacking GSM networks (and thus their clients!), web applications (and their clients too), people (don’t pick up the phone!), IDS/IPS systems (we bet you never saw

Read More

2109, 2013

DeepSec 2013 Talk: Europe In The Carna Botnet – Telnet’s Threat To The Largest Economy

René Pfeiffer/ September 21, 2013/ Conference, Security

Botnets have been around since 1999. These herds of networked and compromised systems (called zombies) are the tool of the trade for many groups. It’s the  zombie outbreak of the information age. The analysis of existing botnets is an important task of security researchers around the globe. The study of the malware involved, the infection process and the inter-node communication of the infected systems is crucial for the dismantling of the botnet. Therefore we are happy to present Parth Shukla’s talk on the Carna botnet. It was created by an anonymous hacker to create a census of the (IPv4) Internet. Parth has been analysing the devices that formed part of the Carna Botnet. The data concerning the devices was provided by the anonymous researcher. He has distributed the relevant data to many CERTs and

Read More