Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

May 14 2018

#efail, Crypto, HTML, PDF, and other complex Topics

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more […]

The post #efail, Crypto, HTML, PDF, and other complex Topics appeared first on .

Reminder: DeepINTEL and DeepSec Call for Papers are still open

We have been a bit radio silent. We have to deal with the General Data Protection Regulation (GDPR), and we are moving our infrastructure across the Internet. The blog is already moved. Further services wait for their transport. The reason is simple maintenance work and hosting our data a bit more privacy-friendly. For example our […]

The post Reminder: DeepINTEL and DeepSec Call for Papers are still open appeared first on .

March 31 2018

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

The post Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown appeared first on .

March 28 2018

Metrics, Measurement, and Information Security

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should […]

The post Metrics, Measurement, and Information Security appeared first on .

March 26 2018

Advanced and In-Depth Persistent Defence

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks is being done for thousands of years. Why should the […]

The post Advanced and In-Depth Persistent Defence appeared first on .

March 23 2018

Upgrade to HTTP2

We are busy with a little housekeeping. Among other things we have changed the way you can access our blog. It is now using HTTP2. We also added encryption and redirect all HTTP requests to HTTPS. Search engines should update their caches as soon as they refresh the pages. Hopefully this does not break anything. […]

The post Upgrade to HTTP2 appeared first on .

March 19 2018

The Grotesqueness of the “Federal Hack” of the German Government Network

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience. We will follow-up on it with an article of our own about attribution, digital warfare, security intelligence, and […]

The post The Grotesqueness of the “Federal Hack” of the German Government Network appeared first on .

February 27 2018

Support for BSidesLondon’s Rookie Track

We are proud to support the Rookie Track at BSidesLondon in 2018 again. This means that one of us will be present at the Rookie Track and that the winner will get to attend DeepSec in November. It’s hard to get a start, so we like to help the rookies with that. We also like […]

The post Support for BSidesLondon’s Rookie Track appeared first on .

January 31 2018

Change of Ticket System for DeepSec and DeepINTEL

We have made some changes behind the scenes, as always when preparing the new events for the year. This time we decided to change the ticket shop for both DeepINTEL and DeepSec. The reason for the new shop is its focus on privacy and security. Most shops are part of a social media network or […]

The post Change of Ticket System for DeepSec and DeepINTEL appeared first on .

DeepSec 2018 calls for Trainings and Content – Focus Mobility

The DeepSec 2018 Call for Papers is open. The focus for this year is mobility. Mobile networks and mobile devices have established themselves firmly in our society. And mobility doesn’t end here. Transport is transforming into new technologies by incorporating access to data networks (yes, that’s the „Cloud“), the power grid (think electric vehicles), drones, […]

The post DeepSec 2018 calls for Trainings and Content – Focus Mobility appeared first on .

January 26 2018

Secret Router Security Discussion in Germany

Routers are the main component when it comes to connect sites, homes, and businesses. They often „just“ take care of the access to the Internet. The firewall comes after this access device. The German Telekom suffered an attack on their routers on 2016. The German Federal Office for Information Security now tries to create a […]

The post Secret Router Security Discussion in Germany appeared first on .

January 24 2018

Save the Dates for DeepSec 2018 and DeepINTEL 2018

While everyone was busy with the holidays, Meltdown and Spectre, we did some updates behind the scenes. DeepSec 2018 will be held from 27 to 30 November 2018. We tried not to collide with Thanksgiving, so that you can come to Vienna after being with your family. As always, the first two days will be […]

The post Save the Dates for DeepSec 2018 and DeepINTEL 2018 appeared first on .

January 10 2018

January 06 2018

Meltdown & Spectre – Processors are Critical Infrastructure too

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

The post Meltdown & Spectre – Processors are Critical Infrastructure too appeared first on .

December 01 2017

DeepSec 2017 Presentation Slides

While the videos are on their way to the rendering farm, the presentation slides for DeepSec 2017 can already be downloaded. We put them online as soon as we get the final version from our speakers. If you do some guessing URL-wise you can also find the presentations of past conferences at the very same […]

The post DeepSec 2017 Presentation Slides appeared first on .

November 22 2017

DeepSec 2017 thanks you and DeepSec 2018 is almost ready

We caught up on sleep and are right in the middle of post-processing DeepSec 2017. Thanks to you all for attending, presenting, sending feedback, and being part of a great event. The slides will be online soon. The videos are being converted. We will upload them as bandwidth permits. All speakers and attendees will get […]

The post DeepSec 2017 thanks you and DeepSec 2018 is almost ready appeared first on .

November 15 2017

DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson

“One of the first lessons of cryptography is “don’t roll your own crypto” but we were bold enough to ignore it”, says Nicolai. “Single Sign-On is so 2016 which is why we’d like to introduce its replacement, Forever Alone Sign-On – FASO. This talk will discuss one of the ugliest SSO solutions you’ll ever see, […]

The post DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson appeared first on .

ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities, inherent to systems which share hardware resources, will become increasingly attractive targets to malicious software authors. In this talk, Sophia will introduce a novel side channel across virtual machines through the detection of out-of-order execution. She and her colleagues created a simple duplex channel […]

The post ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine appeared first on .

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl