Tag Archive

Binary Blob Apocalypse – Firmware + Cryptography = less Security

Published on November 6, 2018 By lynx

A couple of years ago we had a chat with one of our sponsors, Attingo. They are specialised in data recovery from all kinds of media and in all kinds of conditions. Since vendors keep secrets from the rest of the world, the data rescuers do a lot of reverse engineering in order to decode […]

Whatever happened to CipherSaber?

Published on September 11, 2018 By lynx

Some of you still know how a modem sounds. Back in the days of 14400 baud strong encryption was rare. Compression was king. Every bit counted. And you had to protect yourself. This is where CipherSaber comes into play. Given the exclusive use of strong cryptographic algorithms by government authorities, the CipherSaber algorithm was meant […]

DeepSec 2018 Talk: Cracking HiTag2 Crypto – Weaponising Academic Attacks for Breaking and Entering – Kevin Sheldrake

Published on September 6, 2018 By sanna

HiTag2 is an Radio-Frequency Identification (RFID) technology operating at 125KHz.  It is distinguished from many others in the same field by its use of 2-way communications for authentication and its use of encryption to protect the data transmissions – the majority of RFID technologies at 125KHz feature no authentication or encryption at all.  As a result […]

Upgrade to HTTP2

Published on March 23, 2018 By lynx

We are busy with a little housekeeping. Among other things we have changed the way you can access our blog. It is now using HTTP2. We also added encryption and redirect all HTTP requests to HTTPS. Search engines should update their caches as soon as they refresh the pages. Hopefully this does not break anything. […]

The only responsible Encryption is End-to-End Encryption

Published on October 30, 2017 By lynx

Last week the Privacy Week 2017 took place. Seven days full of workshops and presentations about privacy. This also included some security content as well. We provided some background information about the Internet of Things, data everyone of us leaks, and the assessment of backdoors in cryptography and operating systems. It’s amazing to see for […]

DeepSec 2017 Talk: BitCracker – BitLocker Meets GPUs – Elena Agostini

Published on October 25, 2017 By sanna

Encryption and ways to break it go hand in hand. When it comes to the digital world, the method of rapidly using different keys may lead to success, provided you have sufficient computing power. The graphics processing units (GPUs) have come a long way from just preparing the bits to be sent to the display […]

The Future of Entangled Security States – Quantum Computing Conference in Berlin

Published on May 25, 2017 By lynx

Quantum computing is a fashionable term these days. Some IT news articles are talking about post-quantum cryptography, qbits, and more quantum stuff. If you don’t know how the terms relate to each other, what entangled states in quantum physics are, and what everything has to do with computing, then you will have a hard time […]

Applied Crypto Hardening Project is looking for Help

Published on April 25, 2017 By lynx

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

Putting the Context into the Crypto of Secure Messengers

Published on January 21, 2017 By lynx

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case for email Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys […]

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

Published on November 8, 2016 By sanna

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. […]

DeepSec 2016 Talk: TLS 1.3 – Lessons Learned from Implementing and Deploying the Latest Protocol – Nick Sullivan

Published on October 19, 2016 By sanna

Version 1.3 is the latest Transport Layer Security (TLS) protocol, which allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery. TLS is the S in HTTPS. TLS was last changed in 2008, and a lot of progress has been made since then. CloudFlare […]

Firmware Threats – House of Keys

Published on September 10, 2016 By lynx

SEC Consult, our long-term supporter, has updated a report on the use of encryption keys in firmware. These hardcoded cryptographic secrets pose a serious threat to information security. The report features 50 different vendors and has some interesting statistics. The results were coordinated with CERT/CC in order to inform the vendors about the problem. The […]

DeepSec 2016 Workshop: Deploying Secure Applications with TLS – Juraj Somorovsky

Published on September 9, 2016 By sanna

Cryptography is all around us. It has become something like the background radiation of the networked world. We use it on a daily basis. Since nothing usually comes into existence by mistake, there must be someone responsible for deploying this crypto stuff. You are right. Software developers, mathematicians, engineers, system administrators, and many more people […]

Deep Sec2016 Talk: DROWN – Breaking TLS using SSLv2 – Nimrod Aviram

Published on September 5, 2016 By sanna

In the past years encrypted communication has been subject to intense scrutiny by researchers. With the advent of Transport Layer Security (TLS) Internet communication via HTTP became a lot more secure. Its predecessor Secure Sockets Layer (SSL) must not be used any more. The real world has its own ideas. SSLv2 and SSLv3 is still […]

OpenPGP.conf is calling for Content

Published on July 30, 2016 By lynx

If you don’t know what PGP means (or GPG), you should consult your favourite search engine. While it has a bad reputation for its usability, it is a lot more useful than the rumours might suggest (please attend your local CryptoParty chapter for more details). This is why the German Unix Users Group organises an OpenPGP.conf […]