In-Depth Security Conference DeepSec Tackles Mobile Data Assaults

René Pfeiffer/ July 17, 2010/ Press

Vienna – for the 4th time, the international IT security conference DeepSec calls together the world’s elite from the network security and hacking sectors. From the 23rd until the 26th of November 2010 the conference focuses on mobile security (for users and gadgets alike) and Next Generation Infrastructure. “After the success of DeepSec 2009 we try once again to present exciting and controversial topics. It’s our aim as a neutral platform to bring the hacker community, IT and security companies, users, government agencies and researchers together to interact and exchange experience and thoughts in workshops and talks,” says René Pfeiffer, one of DeepSec’s organisers. The call for papers is still open until the 31st of July, and young security researchers can register for special support in this year’s U21 programme (U21 means under 21 years

Sneak Preview – Workshop about Advanced PHP Security

René Pfeiffer/ July 1, 2010/ Schedule

Our CfP ends on 31 July 2010, so we are starting to publish information about some of the submissions in advance. We got the confirmation from Laurent Oudot, founder of TEHTRI-Security, concerning the Advanced PHP Hacking training. The workshop will deal with breaking into PHP environments, methods of attackers once they are inside, defense against intruders and real hack simulations. This is a hands-on exercise guided by TEHTRI Security experts. Everyone running, developing or auditing PHP web applications should attend. Knowing how attacks work is the first step in avoiding them. When it comes to web applications, there is no silver bullet. You have to deal with the hosting environment, know about possible vulnerabilities, learn about the tools attackers use and then you can tune your defenses. Code analysis, filters, fuzzing, NIDS and hardening alone are

Native Code Protection and Security

René Pfeiffer/ June 24, 2010/ Development, Internet

The Mozilla vice president of products announced that Firefox doesn’t need to run native code anymore when it comes to plugins. The idea is called crash protection, for it aims to keep the web browser alive when a plugin fails to run correctly. At the same time the magical words about the future being in the hands of (open) web standards and HTML5 are uttered. What does this imply in terms of security? Is there any benefit? The thought of having more reliable web browsers is certainly tempting. It is also true that overloading the browser with plugins increases the “angle of attack” to the point of stalling or most probably catching some malware floating around on the Web. The message seems to be that separating vulnerable plugins from the browser doesn’t rule out

Call for Papers – Reminder

René Pfeiffer/ June 19, 2010/ Schedule

Our Call for Papers is still running until 31 July 2010. We already have some very interesting talk and workshop submissions. Two experts cover the black magic of the last mile and network backbones. Clearly this is critical infrastructure, and it is often neglected when implementing security measures. Few administrators put their firewalls in front of the ISP’s modem. There are attacks against infrastructure. Wireless networks illustrate this problem very well. Strangely, when it comes to wired networks, people think of them as more secure. True, wired connections cannot be accessed through thin air, but this doesn’t immunise them against threats on the infrastructure level. Routing protocols, administrative interfaces, unpatched firmware, bugs, noisy broadcasts and network design errors can provide fertile ground for a compromised network well before your firewall kicks in. So

Hello, Internet!

DeepSec Organisation/ June 4, 2010/ Administrivia

The DeepSec organisation team has started their own blog! We try to publish some information around our conference and about all things related to security (or simply everything related to broken things). Stay tuned!