ERNW News

This newsletter illustrates the new technology Data Leakage Prevention (DLP). After some basic definitions and theoretical explanations, the evaluation of two exemplary DLP suites is described in detail. This examination is based on several requirements and derived test cases, which cover most aspects of DLP and can also serve as a framework for further examinations.

Friedwart Kuhn analyzes security-relevant implications of using the privilege "Trusted for delegation" in Active Directory. This newsletter will also give you recommendations towards a safe implementation of this privilege.

Our excellent coaches provide for an educational and practically oriented experience. With ERNW there's no compromise between profound theoretical knowledge and applicable practical knowhow. Visit our "Workshop Section" to get an overview over all topics and upcoming dates.

Head over to our event archives for new slides on "Virtual Security" and "Targeted Attacks" [in German language].

Friedwart Kuhn analyzes and evaluates the safe generation of master encryption keys for the initial setup of BlackBerry devices and the automatic update of these keys between BlackBerry devices and the BlackBerry Enterprise Server. The technical analysis comes along with recommendations of measures towards a safe operation.

Matthias Luft and Daniel Mende gave a lecture on "Hacking Mobile Devices" at an event of F-Secure on 18th May. It featured a series of practical demos. Download the presentation's slides here - we would be pleased to present the demos to your organization or be supportive with securing your mobile platforms.

We've updated the "upcoming events" section. Have a look where the ERNW guys are transferring their deep knowledge to international audience. Amongst others Enno Rey is contributing to Blackhat USA 2009 together with Chris Hoff - get more information about their talk "Cloudifornication" here.

Following ERNW's Responsible Disclosure policy, Michael Thumann reported a XSS vulnerability affecting Blackberry Enterprise Server.

ERNW Security Advisory 01-2009 is now online. See also: www.blackberry.com

This newsletter tells the story of a company that built a VoIP trunk to a remote site over the internet and doing so, it opened a security hole. The vulnerability was presumably exploited, which led to the loss of money for the victim. It is a true story, but it will be presented in a generic way, mainly giving a technical description of the incident and pointing out what could have been done to avoid it.

Visit our Publications & Talks section to get an overview on past conferences and upcoming events. Among other things, you'll find new slides of our talks from ShmooCon09 and BASTA! 2008.

There's also a new subsection for talks addressed to an Academic Audience.

The continuing merger of data and voice networks brings new security challenges. This 2-day course provides detailled knowledge about securing complex Voice-over-IP implementations. We will cover typical threats and vulnerabilities in VoIP networks and provide a risk-based approach in securing them.

Lots of real world examples and some hands-on experience might help to get a better understanding of the interactions, potential threats and mitigating controls to come across in VoIP networks.

Available dates:
April 7-8, 2009
May 18-19, 2009
June 23-24, 2009

For more information please head over to our 'Knowhow-Transfer' section.

The ERNW hacker team Roger Klose, Daniel Mende, Simon Rich and Grandmaster Michael Thumann, could stand up their many talented North American Ninja Hackers at the PacketWars, during the Day-Con. Congratulation!

This newsletter will introduce different approaches how malware can be analyzed and discuss their respective pros and cons. It will cover online sandboxes, individually built sandbox systems with a dedicated tool set and also a reverse engineering approach. Obfuscation techniques that are used by attackers to prevent malware analysis are discussed and possible solutions to defeat them are presented. Finally we will give some recommendations which approach works best in different corporations from our point of view.

An introduction to TrueCrypt

TrueCrypt is a free software application used for transparent real-time encryption and decryption. Its Version 6.0a has just been launched and offers many features and a wide range of functionalities.
This newsletter will give you an overlook and introduce you to user-friendly data encryption.

Testing IT Security is one of the core competences of ERNW. Many of our customers get their IT infrastructure and (Web-) applications checked on a regular basis. This may either be done on a very technical level in terms of penetration testing or in a more formal way in terms of general security audits, during which we verify the IT Security Compliance of your company compared to best practices according to ISO17799/ISO27001 and/or your enterprise security policies. As a result of our reports you will be able to realistically assess the risks related to the detected security flaws and vulnerabilities. (more)

Research & Technologie-Evaluation Research is the foundation of our knowledge leadership. The intent of this work is to unveil security flaws and vulnerabilities in protocols, technologies and products. Some findings derive from design-flaws, some from poor implementation on a technical level. In these cases we communicate the vulnerabilities to our clients and/or the manufacturer and assist in the development of a solution of the problem (e.g. patches) and as soon as a patch is available we publish advisories (ERNW Newsletter). (more)

New in our Pen-Testing Portfolio: VoIP-Vulnerability check of the participating protocols, gateways, devices and softphones that may lead to:

• Sniffing
• Denial-of-Service
• Redirecting phone calls
• Hacking of hard- and softphones
• Spoofing
• SPIT (VoIP-Spam)

more Pen-Test modules