Contact:
- 5th ASFWS editionNovember 4th, 2014
-
Follow us on Twitter
My Tweets
Category Archives: Talks
Finding holes: Operation Emmental
Like Swiss Emmental cheese, online banking protections may be full of holes. Banks have been trying to prevent cyber crooks from accessing their customers’ online accounts for ages. They have, in fact, invented all sorts of methods to allow their … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Why .NET needs MACs and other serial(-ization) tales
What is the story behind Microsoft’s patches MS13-067 (SharePoint) and MS13-105 (Outlook Web Access)? What is really involved in a .NET ViewState and why did Microsoft disable the ability to turn off its integrity protection since ASP.NET version 4.5.2 (KB2905247)? … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Offline bruteforce attack on WiFi Protected Setup
Wi-Fi Protected Setup™ is an optional certification program based on technology designed to ease the setup of security-enabled Wi-Fi networks in home and small office environments. Wi-Fi Protected Setup supports methods (pushing a button, entering a PIN, or using NFC) … Continue reading
Posted in ASFWS 2014, Talks
2 Comments
On the Security of the iCloud Keychain
iCloud Keychain, one of the latest additions to the family of iCloud services that was pitched by Apple. It is no doubt great for usability, but what about security? What kind of access does Apple have to your passwords stored … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Analyse technique d’un piratage helvétique
Il est rare qu’une affaire de piratage suisse fasse autant de vagues que le piratage d’un journaliste de la TSR cet été dans le cadre de l’affaire Giroud. Sans nous prononcer sur le fond de l’affaire nous allons décortiquer en … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Exploiting Software Vulnerabilities on Windows 8
Over the past decade, Microsoft has added several security features to the Windows operating system in order to increase the cost of developing reliable exploits for attackers. Sadly, despite the tangible security improvements in the protection of their users, the … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
C++11 metaprogramming applied to software obfuscation
The C++ language and its siblings like C and Objective-C are ones of the most used languages today. Significant portions of operating systems like Windows, Linux, Mac OS X, iOS and Android are written in C and C++. There is … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Obfuscator: Reloaded
La protection logicielle est un sujet qui prend de plus en plus d’importance, surtout depuis l’apparition de l’informatique ubiquitaire et mobile (smartphones, tablettes, etc.). L’implémentation de mesures efficaces contre le piratage et la modification illégale de logiciels induisent un coût … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Warning Ahead: SecurityStorms are Brewing in Your JavaScript
JavaScript controls our lives – we use it to zoom in and out of a map, to automatically schedule doctor appointments and toplay online games. But have we ever properly considered thesecurity state of this scripting language? Before dismissing the … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Mesures techniques de surveillance : qu’est-ce que permet le droit suisse ?
Depuis les révélations d’Edward Snowden, chacun s’inquiète de la protection de sa sphère privée et s’interroge sur les limites légales autorisant la surveillance et les moyens de défense du citoyen. Nous allons voir quels moyens de surveillance sont permis en … Continue reading
Posted in ASFWS 2014, Talks
NORX - A Parallel and Scalable Authenticated Encryption Algorithm and First Round Candidate in CAESAR
In this talk, we first present the current status of CAESAR, the Competition for Authenticated Encryption: Security, Applicability, and Robustness, which started officially on March 15, 2014. This contest aims to identify a portfolio of authenticated ciphers, i.e. cryptographic primitives … Continue reading
Posted in ASFWS 2014, Talks
1 Comment
Utiliser SonarQube pour les tests sécurité
SonarQube est un outil permettant de base de gérer la dette technique. Néanmoins, Il dispose de différents moyens permettant de “gérer” des indicateurs permettant d’effectuer une analyse de code statique orienté sécurité. Nous passerons en revue lors de cette présentation, … Continue reading
Posted in ASFWS 2014, Talks
1 Comment