DeepSec supports Security B-Sides London 2013

René Pfeiffer/ December 11, 2012/ Conference

We are happy to announce that we will support the Security B-Sides London 2013! Specifically we support the BSides London “Rookie Track”, and we offer a ticket for DeepSec 2013 including two nights at the conference hotel in Vienna. There’s also a special arrangement covering a flight to Vienna and back. We believe in new ideas and new perspectives. That’s why we offer special slots at our conference for young security researchers (the U21 category marked in our CfP form). We will be present during the “Rookie Track” talks during BSides London. DeepSec wishes to encourage any kind of security research by supporting curious and talented researchers. Never having presented results in public should be no reason not to share them with all of us. We believe that the idea of having mentors and

Read More

DeepSec 2012 Showcase: Cuteforce Analyzer

René Pfeiffer/ November 13, 2012/ Discussion, Security

The University of Applied Sciences Upper Austria will be showing the Cuteforce Analyzer at DeepSec 2012. This beast is a massively parallel computing cluster for cryptographic applications. The goals of this project was to develop a cluster framework and to evaluate suitable hardware. The cluster itself utilises two different types of co-processors, namely the well-known graphics processing units (GPUs) also used in super-computing, and field-programmable gate arrays (FPGAs). Both types of processors have their strength and weaknesses, both depending on the algorithm being executed on the hardware. The cluster framework connects both hardware platforms, and assigns computing tasks according to the advantages of the co-processor. Thus you get to use all the advantages; in addition the framework software makes sure that you can use the different hardware processors as a whole. The research team

Read More

DeepSec 2012 Training: SAP Security In-Depth

René Pfeiffer/ November 2, 2012/ Security, Training

Your SAP installation is probably the most critical system in your company’s infrastructure. At the same time the informations accessed and processed by SAP systems origin from many sources. Securing infrastructure with this complexity is not an easy task, and testing your security measures requires a great deal of knowledge and training. In addition your will probably run web services talking to your SAP system – which is quite handy for attackers. In case you are short on knowledge about your own SAP deployment, there’s help. There will be an SAP security workshop at DeepSec 2012! The SAP Security In-Depth training will show you how to find out if your SAP infrastructure is secured. Knowing about segregation of duties and securing roles and profiles is fine in theory, but you have to make sure

Read More

DeepSec 2012 Workshop: Web Application Penetration Testing

René Pfeiffer/ October 11, 2012/ Conference, Training

If eyes are the window to your soul, then web applications are the gateways to your heart. Of course this is only a figure of speech, but once you take a look at security incidents and the role of web applications, then you get the idea of the analogy. Web applications are everywhere. It’s not always about your favorite intranet application. A lot of devices run web applications, too. And there are portals which really give you access to a whole variety of information and services. Speaking of services, you can have application programming interfaces (APIs), too. APIs usually do not talk to humans, but maybe they can be automated to do Bad Things™. This is where penetration testing comes in. Ari Elias-Bachrach will teach you how to approach web applications in the context

Read More

Securing Walled Gardens

René Pfeiffer/ May 31, 2012/ Discussion, Security

Setting up walled gardens around fancy mobile devices (and probably other computers) is very fashionable among vendors. In theory there is a controlled environment where malicious software is virtually unknown. The vendor can implement a strict quality assurance and can tether any aberrant developers to policies. Since a wall is a fundamental security device the vendor gets the psychological bonus of users feeling protected. So with all security issues solved there is no need to break out of the walled garden, right? How do you explain this tweet about the newly released Absinthe jailbreak then? @chronicdevteam: Some stats since release of #Absinthe – 211,401 jailbroken iPad3’s and 973,086 devices newly jailbroken! If walled gardens are so perfect, why do millions of users want to break out? Paul Ducklin has explored this phenomenon in an

Read More

Unlearn to Hack?

René Pfeiffer/ May 6, 2012/ Discussion, High Entropy, Security

Security is heavily influenced by the inner workings of the (human) mind. We all know about social engineering and tricks used by con men. The game of smoke and mirrors now hits the „uncontrolled spread of hacking tools“. We have already pointed out that the European Union is preparing a proposal for „banning“ „hacking tools“. There is now a case on-line where a print magazine was allegedly removed from the shelves of Barnes & Noble. Apparently the cover story was too dangerous, because it announced how to „teach you to break into networks, exploit services running remotely, beat encryption techniques, crack passwords, and more.“ The real dark side of this story is that these skills are discussed at most self-respecting security conferences. These skills are even part of a very basic job description in

Read More

What is a Hacker Tool and how do you ban it?

René Pfeiffer/ April 25, 2012/ Discussion, Internet, Stories

What exactly is a hacker tool? The answer to this question depends on who you ask. To McGyver it would probably everything, to a hacker it would be any suitable tool and to a politician it would be anything that cannot be easily understood. The English Wikipedia has no entry on hacker tool. So what is it and why should we care? Care comes first. We have to care because the European Union is working on banning hacking tools. This is no news for some parts of Europe. Germany has tried to address the nebulous hacking tools issue in 2007. The law has drawn a lot of critic from security researchers. Some even moved their research abroad to avoid operating in a grey area of the law. There’s an open letter to the German

Read More

DeepSec Announces DeepSec 365 Conference Track

René Pfeiffer/ April 1, 2012/ Administrivia, Conference, High Entropy

IT security has grown into a cornerstone of our modern society. We rely on data integrity, availability, and we do not wish our personal or business data to be mirrored on pastebin.com or other web sites. 2011 has been full of high-profile security-related incidents. 2012 will most certainly continue in this fashion. This cannot go on forever. Therefore we decided to address the lack of IT security conferences and boost their number considerably. Starting with 1 January 2013 we start the DeepSec 365 Conference Track – 365 DeepSec security conferences in 2013, one every day! We are currently finalising the deal with our conference venue. Even the tourism industry has acknowledged that there really is nothing besides hosting IT security events. Forget skiing, spas, clubbing, museums, sightseeing and all that, you want to see

Read More

Conference Network Survival Guide for DeepSec 2011

René Pfeiffer/ November 8, 2011/ Administrivia

For all of you who frequently visits „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with a public Internet access (the CCC has a more complete list on their event web site). Secure your operating system (vendor and type doesn’t matter). Backup your data. Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology). Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN

Read More

Dissection of Malware and Legality

René Pfeiffer/ October 24, 2011/ Discussion, Security

You have probably seen the articles about the 0zapftis (a.k.a. the German Federal Trojan) malware used by the German police for investigation. There’s a lot going on in Germany and the German parliament, so we’d like to point out the issue of dissecting governmental malware and its relation to common sense and the law. The politician Patrick Sensburg accused the Chaos Computer Club to have thwarted investigations and thus the punishment of potential perpetrators. This violates German law (§ 258 Strafvereitelung, to be exact, description is in German). So is it legal to analyse malicious software or is it illegal? Mr. Sensburg has already answered three questions regarding his statements in parliament. He clarified his message. He criticises that the code had been published on the Internet instead of contacting the appropriate government agencies.

Read More

Talk: Extending Scapy by a GSM Air Interface

René Pfeiffer/ October 16, 2011/ Conference

Scapy is the „Swiss Army tool“ among security software. Scapy is a powerful interactive packet manipulation program. It is used for scanning, probing, testing software implementations, tracing network packets, network discovery, injecting frames, and other tasks. So it’s a security power tool useful for a lot of tasks in security research. Wouldn’t it be nice to add some capabilities on layer 3 of the Global System for Mobile Communications (GSM) protocol? This layer covers the UM interface that connects mobile network clients over the air interface to the base stations. Capturing packets on this link alone would be a great benefit to security researchers. Laurent ‘kabel’ Weber of the Ruhr-Universität Bochum will talk about „Extending Scapy by a GSM Air Interface and Validating the Implementation Using Novel Attacks“ at DeepSec 2011. Laurent’s talk describes the enhancement

Read More

Workshop: The Art of Exploiting Injection Flaws

René Pfeiffer/ September 12, 2011/ Conference

If you have ever developed a web application you know that attackers try to exploit requests to the web server in order to inject commands sent to a database server. This attack is called SQL injection. It is done by modifying data sent through web forms or parameters that are part of a request to a web server. In theory web developers learn to avoid mistakes leading to SQL injection. In practice not every developer has the skill or the tools to prevent SQL injection due to lack of knowledge. Validating data can be hard if the data is badly defined or if the building blocks of the web application do not offer ways to normalise or sanitise data. Most developers might not even know if the frameworks they are using protects them or

Read More

Talk: SMS Fuzzing – SIM Toolkit Attack

René Pfeiffer/ September 8, 2011/ Conference

We’re pretty sure that you own a mobile phone and that you send and receive text messages. Do you feel at risk or somehow threatened? If not, then you might want to reconsider your opinion. Cell phones, no matter if dumb or smart, are always connected to the mobile phone network. This means that they can receive messages and commands from the network. The security of GSM has already been explored in past DeepSec conferences. There’s a chance that you are prone to attacks. Let’s stick to text messages. At DeepSec 2011 we will show how to make a phone send an SMS message without the user’s consent and how to make the phone not to receive any message. The method used works on any phone, no matter if it’s a smartphone or not

Read More

Subverting Femto Cells – Infrastructure at Risk

René Pfeiffer/ July 14, 2011/ Security

The past DeepSec conferences featured talks about mobile telecommunication networks. Security researchers had to turn mobile phones into base stations or create their own from hardware and software. Yesterday The Hacker’s Choice have published a security analysis of Vodafone’s Femto Cells. These cells are small routers used for boosting the 3G signal. They cost about 160£ and can be purchased through the Vodafone store. Reverse engineering turns these little routers into full-blown 3G/UMTC/WCDMA interception devices. You can catch IMSIs and retrieve the secret subscriber information by requesting it from the core network. By using this secret key material you can decrypt intercepted phone calls and data transmissions. The reverse engineering process even produced the root password of the device (it’s ceolyx, but you need to decrypt it; other blogs feature the full plaintext password). This

Read More

Talk: Attack UPnP – The Useful plug and pwn protocols

René Pfeiffer/ June 18, 2011/ Security

Most firewall admins are quite allergic to Universal Plug and Play (UPnP). This is why it is usually turned off. Arron „Finux“ Finnon explains what UPnP can do. Its intended use is to facilitate data transmissions of UPnP-capable devices, meaning that these devices and software can use UPnP to poke holes into NAT devices and firewalls. Enabling UPnP a spare router with a free Wi-Fi network enables you to learn a lot about your neighbours. You can do device enumerating and identify devices requesting. And this is just the beginning. UPnP solved their security problems by not implying any security It’s a bit like Bonjour, a bit like mDNS, a bit like this and that. From the security point of view it’s a nightmare. There’s no authentication and no authorisation. UPnP will happily do

Read More