DeepSec 2013 Video: Cracking Open “Secure” Android Containers

René Pfeiffer/ January 19, 2014/ Conference

Cell phones, especially the smart ones, are becoming more and more a part of your company’s infrastructure. These devices accumulate software (a.k.a. „apps“), authentication tokens, passwords, and a lot of data worthy of protection. While smartphone systems have their own protection mechanisms, not every one of them might work reliably. Chris John Riley explains in his presentation held at DeepSec 2013 why „secure“ containers on Android phones might not be as secure as advertised. Please make sure that you show this presentation to anyone riding the „BYOD“ train. You might want to rethink what you let your users put on their phones.

DeepSec 2013 Video: Cracking And Analyzing Apple iCloud Protocols

René Pfeiffer/ January 17, 2014/ Conference

The „Cloud“ has been advertised as the magic bullet of data management. Basically you put all your precious eggs into one giant basket, give it to someone else, and access your data from everywhere – provided you have a decent Internet connection. Since someone else is now watching over your data, you do not always know what protocols and security measures are in place. Few „cloud“ solutions publish what they actually do. Apple’s iCloud system is no different. Vladimir Katalov (ElcomSoft Co. Ltd.) explained in his talk at DeepSec 2013 how the iCloud protocol works and how you can develop your own clients to access your own data in Apple’s „cloud“ infrastructure. His reverse-engineering work is based on publicly available information. Have a look!

DeepSec 2013 Video: spin – Static Instrumentation For Binary Reverse-Engineering

René Pfeiffer/ January 15, 2014/ Conference

Reverse engineering is a fundamental tool of information security research. The news coverage of the past year has given black boxes a bad name. David Guillen Fandos introduces methods for binary reverse-engineering in his presentation at DeepSec 2013. Binary instrumentation is used for performance evaluation, CPU emulation, tracing, and profiling. It can also be used for malware and threat analysis. David’s tool called spin is able to characterize and identify security-critical functions by applying conditions. If you are into reverse engineering or simply are curious, take a look at the video from his talk:

DeepSec 2013 Video – Relax Everybody: HTML5 Is Securer Than You Think

René Pfeiffer/ January 14, 2014/ Conference

A lot of tags have been created since the 1980s when the foundation of the modern World Wide Web was born. HTML5 is being deployed on servers around the world. Just like the many 802.11xyz wireless standards, it is being used before the stable standard has been released by the W3C. Moving targets attract all kinds of developers and information security enthusiasts. This is why we invited Sebastian Lekies of SAP to hold a presentation about HTML5. He systematically explores security-relevant HTML5 APIs and summarises what web developers need to know when designing, implementing and deploying web applications. We will see at DeepSec 2014 if HTML5-based sites will still be featured in talks. ☺

DeepSec 2013 Video: Psychology of Security – a Research Programme

René Pfeiffer/ January 13, 2014/ Conference

The DeepSec 2013 keynote presentation featured the cultural background of China in order to better understand the news about impending „cyber doom“. The past year has shown that you need a lot more than hands-on information security if you want to make sense of incidents. Next to history and culture there is psychology. In his talk at DeepSec 2013 Stefan Schumacher makes a good case for combining psychology and the scientific approach with topics of information security. Watch his talk online!

DeepSec 2013 Keynote – “Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec”

René Pfeiffer/ December 20, 2013/ Conference

Our video team gave us an early Christmas present, fresh from the rendering farm. The keynote of DeepSec 2013 by Wim Remes is already online. His keynote talk puts information security into a broader context. More often than not, blaming China seems to be an easy way to “explain” digital attacks or to silence legitimate questions. Wim explores the cultural side and history in order to improve what we know about the context. Since the Internet is a global network, information security experts need to broaden their horizon. For every complex problem there is an answer that is clear, simple, and wrong. Attacks, persistent or not, can become complex, and dealing with the attribution problem is definitely no easy task. We heard about it at past DeepSec conferences. So enjoy Wim’s talk, have some


DeepSec 2011 – Video Interviews

René Pfeiffer/ November 24, 2011/ Press

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions. Watch the video and listen to the interview. Video: Interview C. Patsakis Sicherheit in Autos (3:08) Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network. Video: Interview Harald


DeepSec Conference Videos

René Pfeiffer/ May 27, 2011/ Administrivia, Conference

Finally we found some time to sort through the video recording legacy of past DeepSec conferences. We’ve been asked for video material repeatedly since we record all talks held at DeepSec (except those where the speaker does not want to be published on video). Let me explain what the state of our video archive is. All video recordings were done by different teams consisting of video professionals, volunteers from Metalab and students of the St. Pölten University of Applied Sciences. We used different camera equipment, different sound feeds due to changes with the audio system on-site, and various storage media because of different digital cameras on-site. The videos of DeepSec 2007 have been on Google Video since June 2008. We have re-added them to our internal archive, and we noticed that killab66661 has added the videos
