1811, 2011

Thanks for attending DeepSec 2011!

René Pfeiffer/ November 18, 2011/ Conference

The DeepSec 2011 has ended. We enjoyed meeting all of you and hope to have fulfilled our role as a catalyst. We had some great talks, great discussions, and shared thoughts, insights and different views concerning security and insecurity alike. We hope your professional paranoia doesn’t keep you from getting sleep. We will follow the press coverage in our blog and link to articles. Golem has produced video interviews which will be published soon. Our own video team will retreat to the rendering farm and post-process the raw video data. As soon as we have collected all slides from our speakers, we will put them to the archive (and publish the link). We thank all the speakers for the superb material they presented! Without talks there would be no DeepSec at all. We thank

1811, 2011

First Press Coverage of DeepSec 2011

René Pfeiffer/ November 18, 2011/ Conference, Press

The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for it. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available). Wie Terroristen verschlüsseln Duncan Campbell talks about encryption and compares it to the real world. There have been a lot of rumours about terrorist groups using modern encryption. The reality looks a bit different. Tools like PGP are around, but some groups still rely on substitution and transposition ciphers. Managing keys of modern cryptography and handling the tools isn’t as easy as changing clothes. Procedures, procedures, procedures, ask the auditors. Das Streben nach dem Cyber-Weltfrieden Stefan Schumacher illustrates the concept of cyber-peace described in his talk yesterday. Everyone invests

1111, 2011

Talk: Advances in IDS and Suricata

René Pfeiffer/ November 11, 2011/ Conference

Intrusion Detection Systems were very much in demand over 10 years ago. The widely known Snort IDS software is a prominent tool. Other vendors have their own implementations and you can readily buy or download thousands of rules distributed in various rule sets. Cranking up the sensitivity will then easily give you more alerts than you will ever be able process sensibly. This is the mindset that settles once they hear „IDS“ or „IPS“. We don’t think this view is still true. That’s why Victor Julien and Eric Leblond, Open Information Security Foundation, will talk about Advances in IDS and Suricata at DeepSec 2011. You have probably heard of Suricata, the next generation intrusion detection engine. Development of Suricata started in 2008 and war first released as stable in December 2009. Past DeepSec conferences featured

0811, 2011

Conference Network Survival Guide for DeepSec 2011

René Pfeiffer/ November 8, 2011/ Administrivia

For all of you who frequently visits „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with a public Internet access (the CCC has a more complete list on their event web site). Secure your operating system (vendor and type doesn’t matter). Backup your data. Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology). Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN

0411, 2011

Talk: On Cyber-Peace – Towards an International Cyber Defense Strategy

René Pfeiffer/ November 4, 2011/ Conference

While UK is preparing for war we’ll try something completely different at DeepSec 2011. We will talk about peace („cyber-peace“ to be exact). The ill-defined term cyber-war is haunting media, security communities, politics and the military for a while now. We already had talks about this at past DeepSec conferences. Cybersecurity is currently a big hype even in mainstream media like the Frankfurter Allgemeine Zeitung, The Guardian or The New Yorker. Exploits and Vulnerabilities like Stuxnet or the German Trojan Rootkit for Lawful Interception are discussed in prime time news. Hackers like the Chaos Computer Club offer technical advice to the German Parliament and the highest court, the Federal Constitutional Court. Due to the constant work of security experts, researchers and hackers (including some really cool media fnords and stints), the level of security

0311, 2011

DeepSec 2011: Techniques de cryptage des cellules terroristes, espionnage GSM, piratage informatique

René Pfeiffer/ November 3, 2011/ Press

Du 15 au 18 novembre 2011, la cinquième édition de la conférence DeepSec réunira les plus grands spécialistes internationaux de la sécurité des réseaux et du piratage autour du thème de la sécurité informatique. Les principaux sujets abordés: techniques de cryptage des cellules terroristes, sécurité des systèmes de communication mobiles et de leurs utilisateurs et enfin, infrastructures de sécurité de la prochaine génération numérique. “Nous avons voulu, cette année encore, aborder des thématiques passionnantes et sujettes à controverse. Les sept workshops et les trente-quatre interventions de la conférence concernent directement ou indirectement une grande partie de la population” explique René Pfeiffer, organisateur du DeepSec. “C’est le cas notamment des tentatives de piratage constatées sur les réseaux GSM. C’est également le cas des problèmes de sécurité rencontrés sur IPv6 (Internet Protocol version 6), un protocole

0311, 2011

Talk: Laws, Compliance and real Life

René Pfeiffer/ November 3, 2011/ Conference

If you believe that computer security is all about having the right tools and an expert staff, then you are mistaken. Never forget why you have computers in the first place – because of your business. Mikhail Utin will shed light on the corporate side of security by talking about laws, compliance and real life (full title of his talk is US experience – laws, compliance and real life – when everything seems right but does not work). While information security can be improved in a number of ways, one powerful approach is continually overlooked by security researchers. This approach constitutes a collective effort by masses of computer users, where each individual has a very limited understanding of information security and is frequently forced to improve security by various laws and regulations. Pressure coming from

0211, 2011

Talk: Defeating BlackBerry Malware & Forensic Analysis

René Pfeiffer/ November 2, 2011/ Conference

Mobile phones have caught up on the malware side. Your phone can most probably now be infected by malicious software and be part of a botnet in the worst case. How do you analyse compromised devices? Do you have the right tools at hand? Maybe you don’t need any tools for you won’t find anything. Sheran A. Gunasekera explains in his talk Defeating BlackBerry Malware & Forensic Analysis at DeepSec 2011 how the forensic analysis of malware can be defeated. In the recent years, more prominence has been given to BlackBerry malware either in the wild or to commercially available kinds. Traditionally, using signature based malware scanners have been the way to detect and remove these malicious programs. Most smartphones can be fitted with anti-virus/-malware scanners these days. However Sheran will look at a different

3110, 2011

Lessons in Trust and Malicious Code from the Staatstrojaner

René Pfeiffer/ October 31, 2011/ Security

Since it is Halloween we will beat an undead horse in our blog today. Zombies are all the fashion both in literature and on your computer. The question is: Are all zombies alike? Are there good and bad zombies, or only bad ones? How can you distinguish between good and evil intentions if all you got is a compromised system? It all boils down to trust, and the zombie in question is (again) the German Federal Trojan („Staatstrojaner“). The German magazine Telepolis published an article that compares the statement of Jörg Ziercke, the head of the German Federal Criminal Police Office (Bundeskriminalamt or BKA), to the words of Rudyard Kipling’s python Kaa. The basis for this analogue are Mr. Ziercke’s claims stem from leaked notes of his speech in the commission of the German

3110, 2011

Defending against the Hype of Advanced Persistent Threat (APT)

René Pfeiffer/ October 31, 2011/ Security

Many articles like to mention Advanced Persistent Threat (APT), point out that 0-day attacks are extremely dangerous, and that anyone and your neighbour might already be compromised, but doesn’t know about it. So APT casts a long shadow even when not having arrived yet. This is exactly why we used the word „hype“ in the title. If you are not feeling very well and you look up symptoms in popular search engines, then you suddenly end up with lots of diseases that might fit. Doing this won’t change anything, you still got the symptoms and you still got no idea what’s going on. Reading information on security breaches alone won’t alone won’t get you anywhere (currently you can find some news on the RSA hack online). Exchanging ideas and hearing about stories is fine,

3010, 2011

Talk: Bond Tech – I Want More Than Movie Props

René Pfeiffer/ October 30, 2011/ Conference

I watched „Bolt“ with my daughter yesterday. She’s still young and needed some time to distinguish fiction from reality, just like Bolt himself. If you regularly use (security) tools, then you might get a bit jealous about all these super-science skills and gadgets. This is especially true when it comes to the toys of James Bond. These questions arise: Does your software think it has super-powers, and when do we get these cineastic power tools on steroids just like in the films? Kizz MyAnthia of Halock Security Labs will address both questions in his talk at DeepSec 2011. There’s no doubt about it, you want these super-tools. We all do. So when do we get them? Well, soon or maybe never, but if you deal with information security (or vice versa) you have to

2710, 2011

Talk: The Security of non-executable Files

René Pfeiffer/ October 27, 2011/ Conference

Recent security incidents push the imagination of some people to the limits. On today’s menu are U.S. Government satellites (done before albeit with a different vector), insulin pumps, automatic teller machines, smartphones linked to cars, and even vending machines in wilderness resort parks. What’s next? Executing code by the use of postcards or printed newspapers? Exactly! You probably recognise this phrase: „This is a data file, it can never be executed as code.“ It’s nice to think of bits and bytes neatly separated into code and data. In fact some security models encourage this approach. In practice data tells a different story. You have very elaborate document and data formats with thousands of pages of specification. PDF, rich media and office documents are way more complex than you might think. This is why Daniel

2610, 2011

Talk: FakeAntiVirus – Journey from Trojan to a Persisent Threat

René Pfeiffer/ October 26, 2011/ Conference

You run the latest software defending you against malicious code. You have your best filters deployed. Your firewalls are tight as granite. Your crypto is flawless. Your authentication is watertight. But you’re still being attacked and have probably been compromised. What happened? There’s always the attack vector through social engineering. Combine this with a web site or a dialogue box that warns your staff about a potential security breach and tricks them into installing code manually, most commonly by disguising as Anti Virus software (hence the name FakeAntiVirus). Infection can be done by browser plug-in / add-on (think toolbars or other convenient items) or more complex means. Once the tool is installed, it takes control of your system(s), phones home or does other tasks as told by its new owner. Provided the cover is

2410, 2011

Dissection of Malware and Legality

René Pfeiffer/ October 24, 2011/ Discussion, Security

You have probably seen the articles about the 0zapftis (a.k.a. the German Federal Trojan) malware used by the German police for investigation. There’s a lot going on in Germany and the German parliament, so we’d like to point out the issue of dissecting governmental malware and its relation to common sense and the law. The politician Patrick Sensburg accused the Chaos Computer Club to have thwarted investigations and thus the punishment of potential perpetrators. This violates German law (§ 258 Strafvereitelung, to be exact, description is in German). So is it legal to analyse malicious software or is it illegal? Mr. Sensburg has already answered three questions regarding his statements in parliament. He clarified his message. He criticises that the code had been published on the Internet instead of contacting the appropriate government agencies.

2210, 2011

Stealing Digital Assets with Knives

René Pfeiffer/ October 22, 2011/ Discussion, High Entropy

This article on the ElReg® web site caught my attention today. Police forces in England and Wales read the statistics stemming from crime reports more closely. They think to have found a correlation between the increase of robbery and robbery with knives and the demand for smartphones to sell on the black market. The stolen devices could now be in demand for the hardware (probably), the software (doubtful) or the identity information stored on them (what about this, then?). The protection level of personal data and identity information is quite low for most phone owners. Of course, there are „lies, damned lies and statistics“ and you have to be careful to draw conclusions from a quick glance of a news article. Then again correlations is what you are interested in when building your radar.

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: