1809, 2015

DeepSec 2015 Talk: Revisiting SOHO Router Attacks – Jose Antonio Rodriguez Garcia and Ivan Sanz de Castro

Sanna/ September 18, 2015/ Conference, Internet, Security

Have you seen Jon Schiefer’s  film Algorithm? If you haven’t, then you should catch up. The protagonist of the story gain access by using the good old small office / home office (SOHO) infrastructure. The attack is pretty realistic, and it shows that SOHO networks can expose all devices connected to it, either briefly or permanently. Combined with the Bring Your Own Device (BYOD) hype, SOHO networks are guaranteed to contain devices used for business purposes. We haven’t even talked about the security of entertainment equipment or the Internet of Stuff (IoT). Like it or not, SOHO areas are part of your perimeter once you allow people to work from home or to bring work home. Be brave and enter the wonderful world of consumer devices used to protect enterprise networks. José Antonio Rodríguez

Read More

1709, 2015

DeepSec 2015 Talk: Building a Better Honeypot Network – Josh Pyorre (OpenDNS)

Sanna/ September 17, 2015/ Conference, Internet, Security

Most defenders only learn what attackers can do after recovering from a successful attack. Evaluating forensic evidence can tell you a lot. While this is still useful, wouldn’t it be better to learn from your adversaries without risking your production systems or sensitive data? There is a way. Use some bait and watch. Honeypots to the rescue! Josh Pyorre will tell you in his presentation how this works. Honeypots and honeypot networks can assist security researchers in understanding different attacker techniques across a variety of systems. This information can be used to better protect our systems and networks, but it takes a lot of work to sift through the data. Installing a network of honeypots to provide useful information should be an easy task, but there just isn’t much to tie everything together in

Read More

1109, 2015

DeepSec 2015 Talk: illusoryTLS – Nobody But Us. Impersonate,Tamper and Exploit (secYOUre)

Sanna/ September 11, 2015/ Conference, Internet, Security

Transport Layer Security is a cornerstone of modern infrastructure. The „Cloud“ is full of it (at least it should be). For most people it is the magic bullet to solve security problems. Well, it is helpful, but only until you try to dive into the implementation on servers, clients, certificate vendors, or Certificate Authorities. Alfonso De Gregorio has done this. He will present his findings at DeepSec 2015 in his presentation aptly titled „illusoryTLS: Nobody But Us. Impersonate,Tamper and Exploit“. Learn how to embed an elliptic-curve asymmetric backdoor into a RSA modulus using Elligator. Find out how the entire TLS security may turn to be fictional, if a single CA certificate with a secretly embedded backdoor enters the certificate store of relying parties. Discover how some entities might have practically explored cryptographic backdoors for intelligence purposes regardless of

Read More

0709, 2015

DeepSec 2015 Talk: Deactivating Endpoint Protection Software in an Unauthorized Manner

René Pfeiffer/ September 7, 2015/ Conference, Security

Your infrastructure is full of endpoints. Did you know that? You even have endpoints if you use your employees’ devices (BYOD!) or the „Cloud“ (YMMV!). Can’t escape them. Since the bad girls and guys knows this, they will attack these weak points first. How are your endpoints (a.k.a. clients in the old days) protected? In case you use software to protect these vulnerable systems, then you should attend Matthias Deeg’s talk. He will show you the art of Deactivating Endpoint Protection Software in an Unauthorized Manner: Endpoint protection software such as anti-virus or firewall software often have a password protection in order to restrict access to a management console for changing settings or deactivating protection features to authorized users only. Sometimes the protection can only be deactivated temporarily for a few minutes, sometimes it

Read More

3007, 2015

Last Reminder – the DeepSec 2015 Call for Papers closes today!

René Pfeiffer/ July 30, 2015/ Call for Papers, Conference

Take advantage of our Call for Papers! We can’t believe that all the devices, networks, services, and shiny things around us are completely secure. Once it got Wi-Fi, a SIM card, memory, or a processor there is bound to be an accident. It’s not just hunting rifles, jeeps, currencies, experts, and airplanes that can be hacked. There is more. Tell us! Don’t let the IT crowd of today repeat the mistakes of our ancestors. Submit a two-day training and help to save some souls! We are especially interested in secure application development, intrusion detection/prevention, penetration testing, crypto & secure communication, mobiles devices, the Internet of Things, security intelligence, wireless hacking (Wi-Fi, mobile networks, …), forensics, and your workshop that really knocks the socks off our attendees! Drop your training submission into our CfP manager!

Read More

0302, 2015

Internet Protocol version 6 (IPv6) and its Security

René Pfeiffer/ February 3, 2015/ Internet, Security

Internet Protocol version 6 (IPv6) is not new. Its history goes back to 1992 when several proposals for expanding the address scheme of the Internet were discussed (then know by the name of IP Next Generation or IPng). A lot has happened since RFC 1883 has been published in 1996. Due to the deployment of IPv6 we see now implications for information security. Several vulnerabilities in the protocol suite have already been discussed. DeepSec 2014 features a whole training session and three presentations about the future protocol of the Internet. First Johanna Ullrich talked about a publication called IPv6 Security: Attacks and Countermeasures in a Nutshell. The paper gives you a very good view on the state of affairs regarding security and privacy weaknesses. It is strongly recommended for anyone dealing with the deployment

Read More

1912, 2014

DeepSec 2014 Video – “The Measured CSO”

René Pfeiffer/ December 19, 2014/ Discussion, Schedule, Stories

The first recording of DeepSec 2014 has finished post-processing. Just in time for the holidays we have the keynote presentation by Alex Hutton ready for you. Despite its title “The Measured CSO” the content is of interest for anyone dealing with information security. Alex raises questions and gives you lots of answers to think about. Don’t stay in the same place. Keep moving. Keep thinking.

2011, 2014

BIOS-based Hypervisor Threats

René Pfeiffer/ November 20, 2014/ Discussion, High Entropy, Security

The DeepSec 2014 schedule features a presentation about (hidden) hypervisors in server BIOS environments. The research is based on a Russian analysis of a Malicious BIOS Loaded Hypervisor (conducted between 2007 and 2010) and studies published by the University of Michigan in 2005/2006 as well as 2012/2013. The latter publications discuss the capabilities of a Virtual-Machine Based Rootkits and Intelligent Platform Management Interface (IPMI) / Baseboard Management Controller (BMC) vulnerabilities. Out-of-band management is sensitive to attacks when not properly protected. In the case of IPMI and BMC the management components also play a role on the system itself since they can access the server hardware, being capable to control system resources. Combining out-of-band components with a hypervisor offers ways to watch any operating system running on the server hardware. Or worse. It’s definitely something

Read More

1511, 2014

DeepSec 2014 Talk: Why IT Security Is ████ed Up And What We Can Do About It

René Pfeiffer/ November 15, 2014/ Conference, High Entropy

Given the many colourful vulnerabilities published (with or without logo) and attacks seen in the past 12 months, one wonders if IT Security works at all. Of course, 100% of all statistics are fake, and only looking at the things that went wrong gives a biased impression. So what’s ████ed up with IT Security? Are we on course? Can we improve? Is it still possible to defend the IT infrastructure? Stefan Schumacher, director of the Magdeburger Institut für Sicherheitsforschung (MIS), will tell you what is wrong with information security and what you (or we) can do about it. He writes about his presentation in his own words: Science is awesome. You aren’t doing science in infosec. Why not? Seems to be the overriding message of @0xKaishakunin #AusCERT2014 This was one tweet about my talk

Read More

1211, 2014

DeepSec 2014 Talk: The IPv6 Snort Plugin

René Pfeiffer/ November 12, 2014/ Conference, Internet

The deployment of the new Internet Protocol Version 6 (IPv6) is gathering momentum. A lot of applications now have IPv6 capabilities. This includes security software. Routers and firewall systems were first, now there are also plugins and filters available for intrusion detection software such as Snort. Martin Schütte will present the IPv6 Snort Plugin at DeepSec 2014. We have asked him to give us an overview of what to expect. Please tell us the top 5 facts about your talk! Main research for my talk was done in 2011. I am quite surprised (and a little bit frightened) by how little the field of IPv6 security has developed since then. It is often easier to build attack tools than to defend against them. But to improve IPv6 network security we urgently need more detection

Read More

2910, 2014

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Sanna/ October 29, 2014/ Conference, Interview

„The only advice I might give to everyone who is responsible for information security is that it is never about a tool or a methodology“, says Vlado Luknar. The never-ending quest for the “best” tool or methodology is a futile exercise. In the end it is you, the security specialist, who adds the most value to a risk assessment (RA) / threat modelling process for your company, claims Vlado Luknar (Orange Slovensko a.s. / France Telecom Orange Group).  In his talk at DeepSec Mr. Luknar will demonstrate that it is quite easy to capture your overall security knowledge in a home-made, free-of-charge tool.  But first, let’s ask Mr. Luknar a couple of questions: 1) Mr. Luknar, please tell us the top 5 facts about your talk! There is no problem with understanding existing RA

Read More

2810, 2014

DeepSec 2014 Talk: Cloud-based Data Validation Patterns… We need a new Approach!

Sanna/ October 28, 2014/ Conference, Interview

Data validation threats (e.g. sensitive data, injection attacks) account for the vast majority of security issues in any system, including cloud-based systems. Current methodology in nearly every organisation is to create data validation gates. But when an organisation implements a cloud-based strategy, these security-quality gates may inadvertently become bypassed or suppressed. Everyone relying on these filters should know how they can fail and what it means to your flow of data. Geoffrey Hill has been in the IT industry since 1990, when he developed and sold a C++ application to measure risk in the commodities markets in New York City. He was recently employed by Cigital Inc., a company that specializes in incorporating secure engineering development frameworks into the software development life-cycles of client organizations.  He was leading the software security initiative at a major phone

Read More

2010, 2014

DeepSec 2014 Talk: Safer Six – IPv6 Security in a Nutshell

René Pfeiffer/ October 20, 2014/ Conference, Internet, Interview

The Internet Protocol Version 6 (IPv6) is the successor to the currently main IP Version 4 (IPv4). IPv6 was designed to address the need for more addresses and for a better routing of packets in a world filled with billions of networks and addresses alike. Once you decide to develop a new protocol, you have the chance to avoid all the mistakes of the past. You can even design security features from the start. That’s the theory. In practice IPv6 has had its fair share of security problems. There has been a lot of research, several vulnerabilities have been discussed at various security conferences. DeepSec 2014 features a presentation called Safer Six – IPv6 Security in a Nutshell held by Johanna Ullrich of SBA Research, a research centre for information security based in Vienna.

Read More

2409, 2014

DeepSec 2014 Talk: A Myth or Reality – BIOS-based Hypervisor Threat

René Pfeiffer/ September 24, 2014/ Conference, High Entropy

Backdoors are devious. Usually you have to look for them since someone has hidden or „forgotten“ them. Plus backdoors are very fashionable these days. You should definitely get one or more. Software is (very) easy to inspect for any rear entrances. Even if you don’t have access to the source code, you can deconstruct the bytes and eventually look for suspicious parts of the code. When it comes to hardware, things might get complicated. Accessing code stored in hardware can be complex. Besides it isn’t always clear which one of the little black chips holds the real code you are looking for. Since all of our devices we use every days runs on little black chips (the colour doesn’t matter, really), everyone with trust issues should make sure that control of these devices is

Read More

1709, 2014

DeepSec 2014 Talk: Why Anti-Virus Software fails

René Pfeiffer/ September 17, 2014/ Conference

Filtering inbound and outbound data is most certainly a part of your information security infrastructure. A prominent component are anti-virus content filters. Your desktop clients probably have one. Your emails will be first read by these filters. While techniques like this have been around for a long time, they regularly draw criticism. According to some opinions the concept of anti-virus is dead. Nevertheless it’s still a major building block of security architecture. The choice can be hard, though. DeepSec 2014 features a talk by Daniel Sauder, giving you an idea why anti-virus software can  fail. Someone who is starting to think about anti-virus evasion will see, that this can be reached easy (see for example last year’s DeepSec talk by Attila Marosi). If an attacker wants to hide a binary executable file with a

Read More