DeepSec conference focuses on everyday devices as a risk for corporate IT. Attacks on the digital infrastructure of companies, authorities and organizations are often staged as a cinema spectacle in the reporting. Unfortunately the opposite is the case. A burglary in digital infrastructure happens without any broken glass or smashed doors. Attackers can only be successful if superficially everything continues as before. They don’t come through the windows or the underground car park, but via everyday applications on the desktop or smartphone. This year’s DeepSec security conference is therefore trying to sharpen the view on everyday life in the office and at the workplace. Two-day training sessions are offered focusing on workplace hazards, as well as two days of lectures to bring you up to speed. War for the desktop and personal devices Few
Press Release: Modern Desktops as a Security Hole – DeepSec Conference offers Trainings and Tests for Secure Applications
What do a modern office application and a fancy oil pipeline have in common? A desktop that led to disaster. Graphical interfaces for operating computers go back to research in the 1960s and 1970s. At that time people thought about how computers can best support people. By the 1990s at the latest, the desktop became a battleground for market dominance. That has stayed the same, only there are additional security aspects. After all, the desktop is often the first step from an attacker to a company’s digital treasures. The annual DeepSec conference offers security experts and developers a two-day crash course on desktop security. No attack without interaction Many successful attacks on companies or infrastructure depend on cooperation with the victims. Malware is executed using tricks and only then does it compromise the system.
Have you ever asked these questions? You are using the latest mobile and using your laptop with the latest and patched OS, running antivirus: Do you need to worry about security? Isn’t there still something broken in the entire security and permission model? Why can the desktop application, that is not an internet browser, access and communicate by using any IP address? Why can the application access your whole filesystem and collect the files from there? Why can an android app with internet permission communicate using any arbitrary IP, even a private one? Why can the app communicate by using different domains? Isn’t the app market ecosystem creating a friendly environment for botnets? This talk will shed some light on these issues and propose some mitigation strategy. We have asked Martin a few more
Last week the EU’s statistics office published statistical data about the state of anti-virus protection and virus infections. According to the figures nearly a third of Europe’s PCs carry some kind of malware. Although it is difficult to assess the accuracy or methods of studies, this figure is hardly surprising. Anyone who has ever dealt with filtering messages, web content or any other data entering the perimeter of your network knows about the positives and negatives, be them false or true. The problem starts with UBE/UCE (a.k.a. spam) filtering and continues right into the domain of malware. Just as their biological counterparts a computer malware, indiscriminately called virus, changes its shape and flavour. We had a talk from Joan Calvet about the Tripoux project. They analyse malware packers. If you have seen the branch