Insinuator.net – Page 30 – Bold Statements

November 15, 2016 by Enno Rey

(Securely) Updating Smart Devices / Some Considerations

How to provide updates to IoT devices – yes, I’m aware this might be a overly broad generalization for many different devices – has been the topic of many discussions in the last years (for those interested the papers from the “Internet of Things Software Update Workshop (IoTSU)” might be a good starting point).
Given Matthias and I will moderate the respective session at tomorrow’s IoT Insight Summit I started writing down some points that we consider relevant in this context.

Continue reading “(Securely) Updating Smart Devices / Some Considerations”

Events

November 8, 2016 by Matthias Luft

15. Cyber-Sicherheits-Tag

Today Kevin and I had the pleasure to to present at the German 15. Cyber-Sicherheits-Tag in Berlin which is organized by the Alliance for Cyber Security. This iteration covered security aspects of the Internet of Things and we enjoyed some great conversations. The presentations were limited to ten slides and can be found here:

Continue reading “15. Cyber-Sicherheits-Tag”

Events

November 8, 2016 by Stefan Kiese

ITSeCX 2016: Pulling an all-nighter in Austria

Last Friday I gave a talk at the ITSeCX in St. Pölten, Austria. The conference, hosted by the local University of Applied Sciences, has already taken place ten times. I don’t know how many people attended this time, 2014 there were about 600; I read somewhere on the net. There were four tracks and some workshops from 4pm to the conference’s end at midnight. Continue reading “ITSeCX 2016: Pulling an all-nighter in Austria”

Events

November 4, 2016 by Niki Vonderwell

Announcing the first 5 talks of TROOPERS17!!!!

TROOPERS16 was packed with epic talks from around the world, an unknown evil twin brother appearing, hands-on trainings, and a legendary year for our TROOPERS Charity efforts! If you were there you might be wondering to yourself how could they possibly top it? Well, I am going to let you in on a little secret: Next year is the 10th edition of TROOPERS. One DECADE of TROOPERS, and we are pulling out all the stops! Starting with the announcement of the first 5 talks!

Continue reading “Announcing the first 5 talks of TROOPERS17!!!!”

Building

November 2, 2016 by Enno Rey

IPv6 Source Address Selection

As we all know an IPv6 enabled host can have multiple addresses. In order to select a source address for a to-be established outbound connection, operating systems implement a source address selection mechanism that evaluates multiple source address candidates and selects the (potentially) best candidate. Criteria for this selection are defined in RFC6724 (which obsoletes RFC 3484).

Continue reading “IPv6 Source Address Selection”

Events

October 29, 2016 by Hendrik Schmidt

TelcoSecDay 2017 – CFP Opens

For the 6th year in a row, the next TelcoSecDay will take place in 2017 on March 21th. Again, it will be held one day before Troopers IT-Security Conference as an invitation-only event. For those of you who don’t know the TSD, it is organized by ERNW and is aimed at bringing researchers and people from the telecommunication industry together to discuss about current security weaknesses, challenges and strategies. To do so, various topics will be presented during the talks and there will surely be enough time to follow-up in extensive discussions.
To give you an idea, here’s the TSD 2016 agenda, and here’s the one of 2015.
Continue reading “TelcoSecDay 2017 – CFP Opens”

Events

October 27, 2016 by Birk Kauer

Day-Con X Recap

Just a few days ago I had the pleasure of visiting Day-Con X. I listened to some great talks in the closed and public sessions. Since the first day was the security summit (closed session) I will just name a few titles with some brief words.

Continue reading “Day-Con X Recap”

Breaking

October 24, 2016 by Timo Schmid

Reverse Engineering With Radare2 – Part 3

Sorry about the larger delay between the previous post and this one, but I was very busy the last weeks.
(And the technology I wanted to show wasn’t completely implemented in radare2, which means that I had to implement it on my own 😉 ). In case you’re new to this series, you’ll find the previous posts here.

As you may already know, we’ll deal with the third challenge today. The purpose for this one is to introduce
some constructs which are often used in real programs.

Continue reading “Reverse Engineering With Radare2 – Part 3”

Misc

October 20, 2016 by Priya Chalakkal

A Journey Into the Depths of VoWiFi Security

T-mobile pioneered with the native seamless support for WiFi calling technology embedded within the smartphones. This integrated WiFi calling feature is adopted by most major providers as well as many smartphones today. T-mobile introduced VoWiFi in Germany in May 2016. You can make voice calls that allows to switch between LTE and WiFi networks seamlessly. This post is going to be about security analysis of Voice over WiFi (VoWiFi), another name for WiFi calling, from the user end. Before we get started, let me warn you in advance. If you are not familiar with telecommunication network protocols, then you might get lost in the heavy usage of acronyms and abbreviations. I am sorry about that. But trust me, after a while, you get used to it 🙂 . Continue reading “A Journey Into the Depths of VoWiFi Security”