Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 14 2017

ROOTS: On The (In-)Security Of JavaScript Object Signing and Encryption – Dennis Detering

JavaScript Object Notation (JSON) has evolved to the de-facto standard file format in the web used for application configuration, cross- and same-origin data exchange, as well as in Single Sign-On (SSO) protocols such as OpenID Connect. To protect integrity, authenticity and confidentiality of sensitive data, JavaScript Object Signing and Encryption (JOSE) was created to apply […]

The post ROOTS: On The (In-)Security Of JavaScript Object Signing and Encryption – Dennis Detering appeared first on .

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) […]

The post DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz appeared first on .

Notes on the ROOTS Schedule and the Conference

We are all set for the conference on Thursday. We did some last minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations.You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but both events are not competing. The review for ROOTS is […]

The post Notes on the ROOTS Schedule and the Conference appeared first on .

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line […]

The post DeepSec 2017 Talk: How I Rob Banks – Freakyclown appeared first on .

November 03 2017

Screening of “The Maze” at DeepSec 2017

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is […]

The post Screening of “The Maze” at DeepSec 2017 appeared first on .

October 31 2017

DeepSec 2017 Workshop: Smart Lockpicking – Hands-on Exploiting Contemporary Locks and Access Control Systems – Slawomir Jasek

You can, quite reasonably, expect smart locks and access control systems to be free from alarming security vulnerabilities – such a common issue for an average IoT device. Well, this training will prove you wrong. After performing multiple hands-on exercises with a dozen of real devices and various technologies, you will never look at the […]

The post DeepSec 2017 Workshop: Smart Lockpicking – Hands-on Exploiting Contemporary Locks and Access Control Systems – Slawomir Jasek appeared first on .

October 30 2017

The only responsible Encryption is End-to-End Encryption

Last week the Privacy Week 2017 took place. Seven days full of workshops and presentations about privacy. This also included some security content as well. We provided some background information about the Internet of Things, data everyone of us leaks, and the assessment of backdoors in cryptography and operating systems. It’s amazing to see for […]

The post The only responsible Encryption is End-to-End Encryption appeared first on .

October 25 2017

DeepSec 2017 Talk: BitCracker – BitLocker Meets GPUs – Elena Agostini

Encryption and ways to break it go hand in hand. When it comes to the digital world, the method of rapidly using different keys may lead to success, provided you have sufficient computing power. The graphics processing units (GPUs) have come a long way from just preparing the bits to be sent to the display […]

The post DeepSec 2017 Talk: BitCracker – BitLocker Meets GPUs – Elena Agostini appeared first on .

October 17 2017

DeepSec 2017 Talk: Who Hid My Desktop – Deep Dive Into hVNC – Or Safran & Pavel Asinovsky

Seeing is believing. If you sit in front of your desktop and everything looks as it should look, then you are not in the Matrix, right? Right? Well, maybe. Manipulating the surface to make something to look similar is a technique also used by phishing, spammers, and social engineers. But what if the attacker sitting […]

The post DeepSec 2017 Talk: Who Hid My Desktop – Deep Dive Into hVNC – Or Safran & Pavel Asinovsky appeared first on .

May 25 2017

The Future of Entangled Security States – Quantum Computing Conference in Berlin

Quantum computing is a fashionable term these days. Some IT news articles are talking about post-quantum cryptography, qbits, and more quantum stuff. If you don’t know how the terms relate to each other, what entangled states in quantum physics are, and what everything has to do with computing, then you will have a hard time […]

The post The Future of Entangled Security States – Quantum Computing Conference in Berlin appeared first on .

May 23 2017

Biometrics and Failures in understanding Security – Copy & Paste Iris Scans

Biometrics has an irresistible attraction. Simply by mentioning the fact that you can measure parts (or surfaces) of the body and convert them to numbers a lot of people are impressed out of their mind. Literally. In theory biometric information serves as a second set of data to be used for any purposes. A common […]

The post Biometrics and Failures in understanding Security – Copy & Paste Iris Scans appeared first on .

May 16 2017

Disinformation Warfare – Attribution makes you Wannacry

After the Wannacry malware wreaked havoc in networks, ticket vending machines, companies, and hospitals the clean-up has begun. This also means that the blame game has started. The first round of blame was distributed between Microsoft and the alleged inspiration for the code. The stance on vulnerabilities of security researchers is quite clear. Weaknesses in […]

The post Disinformation Warfare – Attribution makes you Wannacry appeared first on .

May 14 2017

Wannacry, Code Red, and „Cyber“ Warfare

Society and businesses increasingly rely on networked infrastructure. This is not news. Worms that used networks to spread to new hosts in order to infect them is also not news. Code Red did this back in 2001. There is a new worm going around. Its name is Wannacry, and it is allegedly based on published […]

The post Wannacry, Code Red, and „Cyber“ Warfare appeared first on .

May 12 2017

DeepSec welcomes SEC Consult as Sponsor for 2017!

Testing products, production code, security measures, or the overall security of infrastructure is hard work. The typical needs in term of information technology for a company or an organisation has become a variety of components that need to be maintained and hardened against attacks. The devil is in the details. In order to find critical […]

The post DeepSec welcomes SEC Consult as Sponsor for 2017! appeared first on .

May 11 2017

DeepSec welcomes Digital Guardian as Sponsor for 2017

No event can be done with supporters, and so we welcome Digital Guardian as sponsor for the upcoming DeepSec 2017 conference! If you have data in your organisation, then you might be interested in talking to Digital Guardian’s experts, because they know a lot about what data does, where it lives, what endpoints really are, […]

The post DeepSec welcomes Digital Guardian as Sponsor for 2017 appeared first on .

May 01 2017

Call for Papers: 1st Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017

ROOTs 2017 The first Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017 opens its call for papers. ROOTs is the first European symposium of its kind, ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques, or […]

The post Call for Papers: 1st Reversing and Offensive-Oriented Trends Symposium (ROOTs) 2017 appeared first on .

April 28 2017

DeepINTEL Update, Science First Campaign, Early Birds, and other News

The Easter break is over. We didn’t sleep (much), and we did not look for Easter eggs in software either. Instead we did a bit of work behind the scenes. DeepSec 2017 will have some more content due to the co-hosted ROOTs workshop. The full call for papers will be ready on 1 May 2017. […]

The post DeepINTEL Update, Science First Campaign, Early Birds, and other News appeared first on .

April 25 2017

Applied Crypto Hardening Project is looking for Help

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

The post Applied Crypto Hardening Project is looking for Help appeared first on .

April 01 2017

SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed

The ageing SS7 protocol has reached it’s end of life. Security experts around the world have criticised vulnerabilities a long time ago. SS7 even facilitated unsolicited surveillance attacks. What’s more, it has its own talks at the annual Chaos Communication Congress – which is a clear sign of fail if there is more than one presentation […]

The post SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed appeared first on .

March 27 2017

DeepINTEL / DeepSec News for 2017 and Call for Papers

Changing code, layout or designs have something in common – deadlines. But you cannot rush creativity, and so the new design of the DeepSec web site took some time. The old design has served us well. We basically did not change much and used it since 2007. The new design follows the stickers we use […]

The post DeepINTEL / DeepSec News for 2017 and Call for Papers appeared first on .

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl