2801, 2014

DeepSec 2013 Video: Building The First Android IDS On Network Level

René Pfeiffer/ January 28, 2014/ Conference

Did you know that you can do more than playing Angry Birds on your smartphone? You can get attacked for example. Since your smart phone is Turing complete, you can do what you want. Jaime Sánchez presented the first Android Intrusion Detection System at DeepSec 2013. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. This is a reason to deploy security software on these devices, too. With the help of custom built signatures, Jaime’s framework can also be used to detect probes or attacks designed for mobile devices, fool and cheat operating system fingerprinting attempts. Have a look!

2701, 2014

DeepSec 2013 Video: Finux’s Historical Tour Of IDS Evasion, Insertions, and Other Oddities

René Pfeiffer/ January 27, 2014/ Conference, Security

Ever since intrusion detection systems were put into operation, attackers have found ways to evade discovery. So what can you expect from the wonderful tools that are designed to detect intrusions? If you are looking for metrics which can easily compared and have a connection to your typical production environment, then you are mistaken. There is no such thing as a magical box, ready to be installed to solve all your intrusion problems. Arron ‘Finux’ Finnon of Alba13 Labs held a presentation at DeepSec 2013 about this topic. He illustrated the evasion techniques used and discussed the history of IDS/IPS systems. If you follow the talk closely, you will understand why detection systems like IDS/IPS can work, but why they’re set to fail all at the same time.

1901, 2014

DeepSec 2013 Video: Cracking Open “Secure” Android Containers

René Pfeiffer/ January 19, 2014/ Conference

Cell phones, especially the smart ones, become more and more part of your company’s infrastructure. These devices accumulate software (a.k.a. „apps“), authentication tokens, passwords, and a lot of data worthy of protection. While smartphone systems have their own protection mechanisms, not every one of them might work reliably. Chris John Riley explains in his presentation held at DeepSec 2013 why „secure“ containers on Android phones might not be as secure as advertised. Please make sure that you show this presentation to anyone riding the „BYOD“ train. You might want to rethink what you let your users put on their phones.

1701, 2014

DeepSec 2013 Video: Cracking And Analyzing Apple iCloud Protocols

René Pfeiffer/ January 17, 2014/ Conference

The „Cloud“ has been advertised as the magic bullet of data management. Basically you put all your precious eggs into one giant basket, give it to someone else, and access your data from everywhere – provided you have a decent Internet connection. Since someone else is now watching over your data, you do not always know what protocols and security measures are in place. Few „cloud“ solutions publish what they actually do. Apple’s iCloud system is no different. Vladimir Katalov (ElcomSoft Co. Ltd.) explained in his talk at DeepSec 2013 how the iCloud protocol works and how you can develop your own clients to access your own data in Apple’s „cloud“ infrastructure. His reverse-engineering work is based on publicly available information. Have a look!

0201, 2014

Applied Crypto Hardening (ACH) Project

René Pfeiffer/ January 2, 2014/ Communication, Security

DeepSec 2013 featured a talk about the Applied Crypto Hardening (ACH) project. In the wake of the discussion about attacks on cryptography itself and implementations of cryptographic standards almost every aspect of encrypted communication needs to be reviewed. Since system administrators, developers, and other IT staff usually has not the same expertise as crypto experts, the ACH project was formed. Its goal is to compile a reference for the best practice configuration of systems that use cryptographic components. The ACH guide covers SSL/TLS, virtual private network (VPN), algorithms, key sizes, (pseudo) random generators, and more. The advice is targeted at everyone seeking to improve the cryptographic capabilities of software and appliances. Hardening crypto is part of the basic security measures everyone should take care of. It needs to become a habit, just like everything

Read More

1911, 2013

Last Changes to DeepSec 2013 Schedule

René Pfeiffer/ November 19, 2013/ Administrivia, Conference

Unfortunately we had to change our DeepSec 2013 schedule again. We promise that this will be the last changes before the conference starts (or a certain Murphy will get a talk slot). Marcus Ranum couldn’t make it to DeepSec. He apologised, and there really is no way he could have made it. We will invite him for DeepSec 2014, so you will have a good reason to come back next year. We are grateful for Aaron Kaplan from CERT.at who helps out with a presentation about better cryptography. In essence he talks about applied crypto hardening in order to help everyone deploying cryptography to improve the configuration and to Get Things Right™. We highly encourage you to attend his talk. For anyone interested in geopolitics: Wim Remes has kindly agreed to hold the keynote

Read More

1511, 2013

DeepSec 2013 Talk: Bypassing Security Controls With Mobile Devices

René Pfeiffer/ November 15, 2013/ Conference, Security

How do you counter threats emerging from a new trend? Well, standard practice is to buy a new appliance, add-on, or similar magic trick. People do this currently with the trend of Bring Your Own Device (BYOD). Once you say yes to BYOD, you just gave Santa Claus (or your chief financial officer) more options for Christmas presents. There is Mobile Device Management (MDM in short), plus you can do a lot of filtering at the edge of your network(s). Still mobile devices are a threat. At DeepSec 2013 Georgia Weidman of Bulb Security LLC will show you how the threats work in real environments. Testing if your wonderful BYOD playground works for attackers can be done by taking your MDM’s promises to the limits. Let’s see if your MDM has ever heard of

Read More

1511, 2013

DeepSec 2013 Talk: Supply Chain – The Exposed Flank

René Pfeiffer/ November 15, 2013/ Conference, Security, Stories

Securing your own perimeter is the prime task IT security teams are worried about. However there is Murphy’s Law of Firewalls, too. Given a sufficient amount of time, business requirements will pierce a lot of holes in your firewall and your defences. Once you work with suppliers, you will have to deal with their perimeters as well. Your opponents will go for the weakest link, and if the links on your end are strong, then they go for your suppliers and partners. Dave Lewis of Akamai Technologies will talk about this problem in his talk at DeepSec 2013. It’s not your immediate partners you have to think about. There are trading partner networks, code developed by off shore development centres and outsourced help desks. Even if you use security products you can get into

Read More

1311, 2013

DeepSec 2013 Talk: Building The First Android IDS On Network Level

René Pfeiffer/ November 13, 2013/ Conference, Development, Security

Being popular is not always a good thing and here’s why: As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. The threat to mobile devices, however, is not limited to rogue versions of popular apps and adware. Threat actors are also pouncing on mobile users’ banking transactions. Android continues to be a primary target for malware attacks due to its market share and open source architecture. Nowadays, several behaviour-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices but only about 30 percent of all Android smart phones and tablets have security apps installed. At DeepSec 2013 Jaime Sanchez (@segofensiva) will present AndroIDS, a signature-based intrusion

Read More

1311, 2013

DeepSec 2013 Talk: Malware Datamining And Attribution

René Pfeiffer/ November 13, 2013/ Conference, Security

The production of code leaves traces in the final binary. There can be debugging symbols present, which give you a lot of information. Maybe the binary has some commonly used libraries or functions. A lot of fingerprinting can be done with software. Why is this of interest? Well, there is the attribution problem of attacks and malicious software. Identifying where malware comes from can be crucial for the assessment of risks and the impact of compromised systems. Michael Boman has researched this topic and will present his findings in his talk titled Malware Datamining And Attribution at DeepSec 2013. Stuxnet and related malware is a prime example where the source of the code is of fundamental interest. Even for more „mundane“ code malware authors use leaves traces in their work which can be used

Read More

1211, 2013

DeepSec 2013 Talk: My Name Is Hunter, Ponmocup Hunter

René Pfeiffer/ November 12, 2013/ Conference, Security

Defending one’s own resources against malicious software is daily business for information security professionals. Usually you deploy a range of measures and try to minimise the risk. It may or may not work, depending if you have to fear the mysterious Advanced Persistent Threat (APT). APTs are highly targeted, very stealthy and can greatly impact your security in terms of damage and level of compromise. Their stealth aspect makes them hard to detect and hard to counter. Tom Ueltschi from the Swiss Post has gained experience with these kind of attacks. This is why he will share his insights at DeepSec 2013. His talk is titled My Name Is Hunter, Ponmocup Hunter. Ponmocup is a strain of malicious software which forms its own botnet. It is known by a couple of names, depending on

Read More

1111, 2013

DeepSec 2013 Talk: Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec

René Pfeiffer/ November 11, 2013/ Communication, Conference, Security Intelligence

If something happens in your network, it’s an established custom to blame it on China. This approach is tried and true among the Chief Information Officers (CIOs) who have some explaining to do. Throw in the inevitable Advanced Persistent Threat (APT) and you are set. No more explanations necessary. Why is that? Well, most people don’t know, therefore Wim Remes of IOactive will give you a thorough overview in his talk titled Cultural Learning Of China To Make Benefit Glorious Profession Of InfoSec. Geopolitics is a good start. The current debate about the role of China as a nation, in international hacking incidents and corporate espionage is framed in an almost exclusively US-centric narrative. Using your adversaries as scapegoat works well, provided you talk to like-minded people and nations. China, however, is a nation

Read More

1011, 2013

DeepSec 2013 Talk (U21): The Dark Side of the Internet

René Pfeiffer/ November 10, 2013/ Conference, Internet

You may have heard of background radiation. It’s the kind of ionizing radiation you are exposed when wandering around on this planet. The sources are radioactive isotopes in the air, the soil, our food, and the water. In addition there is cosmic radiation from outer space. So even without artificial radiation sources you will have a natural background radiation. The Internet has a similar phenomenon. The pendant of the fundamental particle in Nature is the packet. Internet traffic consists of data packets going from their source to a target address. Imagine a part of the Internet which isn’t used at all. Its address space isn’t advertised anywhere. It holds no services and no active hosts. This place is called Darknet. In theory there will be no packets. In practice there are. A student from

Read More

0911, 2013

DeepSec 2013 Talk: CSRFT – A Cross Site Request Forgeries Toolkit

René Pfeiffer/ November 9, 2013/ Conference, Security

Cross Site Request Forgery (CSRF) is a real threat to web users and their sessions. To quote from the OWASP web site: „CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.“ Combined with social engineering this is a very effective attack tool. Believe it or not, web sites prone to CSRF are very common. If your web developers do not know what „unique web form“ means, you will have to deal with CSRFs eventually. Paul Amar is a student of computer science, and at DeepSec 2013 he will present a framework to study and prototype CSRF interaction with web servers. The tool presented is the Cross Site Request Forgeries Toolkit (CSRFT). It has been developed in Python and Node.JS. The

Read More

0811, 2013

DeepSec 2013 Talk: Mobile Fail: Cracking Open “Secure” Android Containers

René Pfeiffer/ November 8, 2013/ Conference, Security

Over the last few years the desire to have information at our fingertips whenever and wherever we want has driven us more and more towards mobile devices. The convenience of having our email, files and access codes available to us on our smartphones or tablets has given rise to a new problem… that of securing our sensitive data on an inherently insecure device. The same form factor that makes smart phones the easy choice for remote access to email and services also makes them easy to lose. In response, we’ve begun to move security closer to the data, relying on “secure” container applications to keep our private and company data secure. Mobile apps such as LastPass, Dropbox, Evernote, GOOD for Enterprise, and may others all offer differing degrees of security. In this presentation Chris

Read More