Building
by Matthias Luft

Agile Development & Security

I’m a big fan of Chris Gates’ publications on DevOops and From Low to Pwned. The content reflects a lot of issues that we also experience in many assessments in general and assessments in agile environments in particular. In addition, we were supporting several projects recently that were organized in an agile way. In this post, I want to summarize some thoughts on how security work can/should be integrated into agile projects. Continue reading “Agile Development & Security”

Continue reading
Misc
by Ahmad Abolhadid

Exploitation of IMS in absence of confidentiality and integrity protection

IP Multimedia Subsystem (IMS) offers many multimedia services to any IP-based access network, such as LTE or DSL. In addition to VoLTE, IMS adds service provider flexibility, better QoS and charging control to the 4th generation of mobile networks. IMS exchanges SIP messages with its users or other IMS and usually these communications are secured by TLS or IPSec. But if an attacker manages to break the confidentiality and the integrity with IMS, he would find it vulnerable to several attacks. Continue reading “Exploitation of IMS in absence of confidentiality and integrity protection”

Continue reading
Events
by Florian Magin

33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?

This was one of the few technical talks at 33c3 I managed to see, by that I mean live-stream during an access control shift, by Clémentine Maurice and Moritz Lipp.

The talk gave an overview of some already known possible information leaks by abusing certain x86 instructions(the same concept applies to ARM too though) and demonstrating the various ways an attacker could use them. Continue reading “33c3 Talks – What could possibly go wrong with “insert x86 instruction here” ?”

Continue reading
Misc
by Prof. Dr.-Ing. Andreas Dewald

White Paper on Incident Handling First Steps, Preparation Plans, and Process Models

We just published my Whitepaper about First Steps, Preparation Plans, and Process Models for Incident Handling, that I wrote to pass the time between Christmas and New Year. The whitepaper sums up information that I consider to be useful to prepare for IT security incidents as a conclusion from the incidents in which we supported over the past year. Continue reading “White Paper on Incident Handling First Steps, Preparation Plans, and Process Models”

Continue reading
Events
by Luis Dilling

ERNW at 33C3 – Part 1

This is part 1 of our report series on interesting talks of the 33rd Congress of the Chaos Computer Club. Every year the congress attracts hundreds (up to twelve thousand this year) of technical interested people with the opportunity to socialize and exchange knowledge with each other. The congress is organized by the European largest hacker association and speakers give talks about technical and societal issues like surveillance, privacy, freedom of information, data security and various more.

Talks in this part deal with CCC at schools, Wi-Fi security and the security of the N26 banking app.

Continue reading “ERNW at 33C3 – Part 1”

Continue reading