1705, 2011

Mobile Security and authTokens

René Pfeiffer/ May 17, 2011/ Security

Recently we mentioned the topic of mobile security in this blog since it keeps being addressed by security researchers. Now there’s something that can be combined by networking, defective by design and mobile security. German security researcher from the University of Ulm have explored a flaw in Google’s ClientLogin protocol. The initial idea stems from Dan Wallach, who took a closer look at the transmissions of an Android smartphone. The authentication token is sent via unencrypted HTTP which means it can be seen by attackers on the same network. Since the token is your key to online services and is probably used by apps dealing with your calendar, contacts or private pictures, an attacker has full access to this data (or any other data an app deals with via the network). Reading, manipulating or

Read More

1305, 2011

DeepSec 2011 Focus: IPv6 and Next Generation Networks

René Pfeiffer/ May 13, 2011/ Administrivia, Conference

Since 3 February 2011 the IPv4 pool is now officially and fully depleted. „Peak IPv4“ was a long time ago. IANA can no longer hand out any IPv4 address space. Everyone who needs more address space will be force to look to IPv6. What about security? Are there any benefits? Has IPv6 eliminated all the weaknesses known with IPv4? Those who attended DeepSec 2010 already know the answers to these questions. Mark Heuse conducted a workshop and held a talk about IPv6 security. There’s no doubt that IPv6 is coming to town. Due to tunnels some networks even have IPv6 connectivity, some without even knowing. Setting up a tunnel with a router in your local network is easy. The router will announce itself to local nodes which will in turn automatically grab addresses and

Read More

1504, 2011

DeepSec 2011 – Call for Papers opened!

René Pfeiffer/ April 15, 2011/ Administrivia, Conference

For the fifth time the DeepSec In-Depth Security Conference invites security researchers and professionals to submit suggestions for talks and workshops for our conference which will take place in November 2011 in Vienna. Please visit our updated website for more details about the venue, the schedule and information about our past conferences. We’re currently migrating the old content and collect the data from the old server in order to present archives of the past conference web sites. The DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and philosophy. Our speakers and trainers traditionally come from the security community, companies, hacker spaces and academic organisations. We’ve updated the CfP, and you can submit content for three categories: Talks for

Read More

0504, 2011

BSidesVienna: Call For Papers

René Pfeiffer/ April 5, 2011/ Administrivia, Conference

In the wake of the 23rd annual FIRST conference there will be a B-Sides Vienna event together with the NinjaCon 11, 3rd edition. The B-Sides Vienna will be on June 18th, as will be the NinjaCon 11. The Call For Papers is now open and we ask you to submit your material! At B-Sides Vienna aka NinjaCon 11, we’re looking forward to see a selection of trainings, hands-on workshops, 50-minute presetations and 15-minute lightning talks. As we understand ourselves as an open, international event, the official conference language for all talks, trainings and workshops (as well as submitted abstracts), as always, is English. Topics of interest include (but are in no way limited to) the following: Information technology, network security, web application security, virtualisation and cloud computing, innovative attack strategies, forensics, embedded devices, physical

Read More

1403, 2011

DeepSec 2011 – Call for Papers out soon

René Pfeiffer/ March 14, 2011/ Administrivia, Conference

We’re currently working on the Call for Papers for DeepSec 2011. The conference will take places from 15 to 18 November 2011, so you might want to save this date and mark it in your calendar. Mobile gadgets, the wonderful world of app stores filled with mal- and software, infrastructure and information war(rez)fare are top on the list of Things To Watch Out For™. We will sum up what we’re after in the CfP published on our new web site.

1501, 2011

FIRST Conference in Vienna

René Pfeiffer/ January 15, 2011/ Conference

2011 is already in full swing. That’s why we have an announcement for you. The 23rd annual FIRST Conference will take place in Vienna, Austria. We strongly recommend to participate. IT security never sleeps, and neither should you – at least when it comes to getting new ideas and get into touch with others. We will be there, so it would be great to meet you. Make sure you drop us a line, so we know you are around. If you have material for a lightning talk, there’s still time to get a slot. You just have to contact the conference office by e-mail. The address can be found on the conference program web site.

1911, 2010

Schedule is stable

René Pfeiffer/ November 19, 2010/ Schedule

The schedule of DeepSec 2010 has been declared stable¹. Unfortunately three speakers had to cancel their presence because of unforeseen reasons. We have managed to fill the slots, so that we have a full schedule and lots of issues to think about. The schedule on the web will now be frozen for print. Any further changes will always be reflected on our web site. We’re looking forward to see you all! ¹ We thought it would be a good idea since declaring code stable is common in software development. ☺

0709, 2010

DeepSec conference focuses on the precarious security situation in the world-wide mobile phone network

René Pfeiffer/ September 7, 2010/ Press

DeepSec 2010 features 33 talks and 8 workshops by international experts Vienna, 31 August 2010. The international security conference DeepSec brings together the world’s elite in network security and hacking in Vienna from 23 to 26 November 2010. This year, the conference focuses on the security of mobile systems and their users, as well as on the next-generation infrastructure. IT and security companies, users, officials, researchers and the hacker community have the opportunity to take part in the conference with 33 talks and 8 workshops scheduled this year. “We are happy to offer for the fourth time so many experts the chance to exchange ideas and experiences on the most important security issues of everyday IT work in our modern days”, says René Pfeiffer, organiser of DeepSec. Live attacks on iPhone through a weak

Read More

2008, 2010

Schedule for DeepSec 2010 published

René Pfeiffer/ August 20, 2010/ Schedule

Reviewing the submissions took us a while longer than anticipated. The reason was the high-quality content you submitted. We had to make some tough decisions and could have easily filled three or four days of In-Depth security talks and many more workshops. We hope that the schedule we published yesterday satisfies your interest and gives some CIOs something to think about. We tackle the security of the GSM network (which is failing, as was reported at DeepSec 2009 already). We also show you how to probe the security of GSM networks (there’s a whole two-day workshop if you want to dive into the gory details). Watch out for remote binary planting! Just yesterday Mitja Kolsek reveiled that about 200 Microsoft Windows applications are vulnerable to remote code execution. We deal with SAP security by

Read More

1108, 2010

CfP revision is almost done

René Pfeiffer/ August 11, 2010/ Administrivia, Schedule

We’re almost finished with the review of presentations and trainings submitted via the Call for Papers form. Everyone will get a notification during the next couple of days. You really sent us a lot of high-quality content, and we are proud to set the stage for your research results. Some vendors might not be as happy as we, but let’s see what happens. Expect the preliminary schedule soon.