0509, 2011

Talk: The Management of IT Threats. European Digital Agenda’s Weakness

René Pfeiffer/ September 5, 2011/ Conference

In case you haven’t heard about it, there is a digital agenda for the coming decade, developed by the European Commission. Cited from the web site: Europe 2020 is the EU’s growth strategy for the coming decade. In a changing world, we want the EU to become a smart, sustainable and inclusive economy. These three mutually reinforcing priorities should help the EU and the Member States deliver high levels of employment, productivity and social cohesion. Concretely, the Union has set five ambitious objectives – on employment, innovation, education, social inclusion and climate/energy – to be reached by 2020. Each Member State has adopted its own national targets in each of these areas. Concrete actions at EU and national levels underpin the strategy. The strategy includes a strong coordination between public and private institutions, located

Read More

3108, 2011

Talk/Workshop: SAP Security In-Depth

René Pfeiffer/ August 31, 2011/ Conference

No two SAP deployments are the same. If you run an SAP environment, then you will most certainly use customisations and a multi-tier architecture. You will have tied your SAP deployment to your assets. The typical setup features Development, Quality Assurance and Production (which is the minimal amount of tiers, you may have more). While the development and IT staff mainly interacts with Development and Quality Assurance environments, the organisation’s end-user only connects to the Production systems in order to undertake the required business processes. As soon as security considerations come into play you will probably audit your infrastructure. Since auditors cost money most SAP deployments won’t be scrutinised completely. And then you are in trouble despite passing tests with flying colours. Using short-cuts is the best way to run into trouble. Consider your multi-tier

Read More

2308, 2011

DeepSec 2011 Schedule and Description of Talks/Workshops

René Pfeiffer/ August 23, 2011/ Conference

We’ve already published the preliminary schedule for DeepSec 2011. Most of the speakers have already confirmed their presence at the conference, but we are still waiting for e-mail. While preparing the schedule we’ve asked for more descriptions, and we will describe the talks and workshops in slightly more detail in the blog. We know that some of the titles deserve a closer look, especially since we got very interesting topics to talk about. During the next weeks we will dedicate a whole blog article to each and every slot in our schedule. Stay tuned! Please make sure that you don’t miss the early-bird rates. Tickets at reduced prices are still available until mid-September 2011!

0708, 2011

Explaining Security to non-technical Audiences

René Pfeiffer/ August 7, 2011/ Discussion, Report

A few days ago we had the opportunity to present a review of vulnerabilities in mobile phone networks and typical attack vectors to a non-technical audience (we announced the event in a previous blog posting, the event language was German). The background of the attendees was a spectrum of social sciences, political sciences, different technical science (but not information science), governmental agencies (again non-technical) and journalists. We adapted the slides in order to reduce the complexity and the technical details. The reaction was positive, but most of the questions were aimed at how to defend against the risks. Thus our reduction only lasted until the QA section. If you really want to defend yourself, you have to deal with the details. If you don’t dive into the details, you can give superficial answers at

Read More

0107, 2011

Veranstaltung zum Thema Informationstechnologie und Sicherheitspolitik

René Pfeiffer/ July 1, 2011/ Veranstaltung

Zwischen dem 28. und 31. Juli 2011 findet in Berlin die 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen statt. Sie trägt den Titel „Informationstechnologie und Sicherheitspolitik – Wird der 3. Weltkrieg im Internet ausgetragen?“. Die DeepSec Konferenz wird bei dieser Veranstaltung mit zwei Vorträgen zum Thema „Angriffe gegen Funknetze – wie verwundbar ist das GSM-Netz?“ und „Ausgewählte Angriffsvektoren — Zombies, Botnetze und dDoS-Attacken“ mitwirken. Wir versuchen damit Auszüge und Zusammenfassungen der vergangenen DeepSec Konferenzen komprimiert und auch für Nichttechniker zu vermitteln. Das volle Programm ist als PDF herunterladbar. Im Rahmen der Veranstaltung sollen die Themen Sicherheitspolitik und Informationstechnologie miteinander verbunden werden. „Cyberwar“ ist in aller Munde und hat schon Eingang in Militärdoktrine gefunden. Es stellen sich daher die Fragen: Was ist „Cyberwar“? Welche Bedrohungen sind relevant? Wie kann eine Auseinandersetzung mit Mitteln der

Read More

1506, 2011

See you at Ninjacon 2011 / BSidesVienna!

René Pfeiffer/ June 15, 2011/ Conference, Security

On June 18th the Ninjacon 2011 and the B Sides Vienna will take place. We will be present, help with the organisation, watch as many talks as possible and blog about it (at least we’ll send some tweets). If you got some time to spare, drop by (make sure you get a ticket first) or come to the party afterwards!

0106, 2011

Registration for DeepSec 2011 is now open!

René Pfeiffer/ June 1, 2011/ Administrivia, Conference

The registration for DeepSec 2011 is now officially open. You can register for the conference, workshops or both. We offer three booking phases: Early Bird, Regular and Last Minute. Please keep in mind that the Early Bird tickets are the cheapest. The longer you wait, the more you have to pay. Since the Call for Papers is still running the workshop slots are empty, but you can buy workshop or conference+workshop tickets now and decide which workshop you want later (when we publish the schedule). If you have any questions, drop us a few lines.

1603, 2011

Reminder: Mind2Mind Event I/2011 – „Wir werden Sie belauschen!“

René Pfeiffer/ March 16, 2011/ Communication, Veranstaltung

This is a short reminder of our local Mind2Mind event about the technology means of espionage in companies and organisations. The talk will be held by Wolfgang K. Meister of VOXCOM (and will be in German). Mr. Meister will address eavesdropping devices, microphones, attacks on telephone communication (VoIP, ISDN, analogue, 2G/3G), peculiarities of mobile phone networks and attacks on Internet communication, local computer systems and IT infrastructure. He will also discuss countermeasures. Dies ist eine kurze Erinnerung an unseren lokalen Mind2Mind Event „Wir werden Sie belauschen!“, der die Technologie von Spionage und Lauschangriff an Unternehmen und Organisationen beleuchtet. Der am Abend stattfindende Vortrag von Herrn Wolfgang K. Meister der Firma VOXCOM beschäftigt sich mit Wanzen, Mikrofonen, Aufnahme von Körperschall, Funk, Angriffen auf Telefone (VoIP, ISDN, analog, 2G/3G), Eigenheiten von Mobilfunknetzwerken und Attacken auf IKT

Read More

0107, 2010

Sneak Preview – Workshop about Advanced PHP Security

René Pfeiffer/ July 1, 2010/ Schedule

Our CfP ends on 31 July 2010, so we start publishing information about some of the submissions in advance. We got the confirmation from Laurent Oudot, founder of TEHTRI-Security, concerning the Advanced PHP Hacking training. The workshop will deal with breaking into PHP environments, methods of attackers once they are inside, defense against intruders and real hack simulations. This is a hands-on exercise guided by TEHTRI Security experts. Everyone running, developing or auditing PHP web applications should attend. Knowing how attacks work is the first step of avoiding them. When it comes to web applications, there is no silver bullet. You have to deal with the hosting environment, known about possible vulnerabilities, learn about the tools attackers use and then you can tune your defenses. Code analysis, filters, fuzzing, NIDS and hardening alone are

Read More