Security Night 2021/December

Join our ONLINE Meetup at
https://meeting.frachtwerk.de/b/mar-k9d-al6-exo
and enter this access code: 129787.

➡ WHAT TO EXPECT

Okay – let us do one more virtual night before we get back to normal (hopefully next year). We would love to use the opportunity to invite you to our next Meetup event – as an online webinar.

This time, we combine security awareness with web technology, and with the foundations of cryptology. Each and every one of these areas can significantly improve information security. For example, when developing a product, developers should always know where to look for potential security issues. This brings us to our first talk on security champions and how they can improve product development.

Second, we would like to shed some light on web browsers – a widely used product. While surfing the web, we usually want to stay safe. But, for "the best product delivery", most sites strive to track our fingerprint. Our next talk explains this problem and shows us the ubiquitous "use" in today's world.

Last, we are happy to present you another foundational talk – this time regarding cryptanalysis. For most of us a non-trivial topic, especially if combined with statistics as in this talk.

➡ THE TALKS

(1) "Super developer by habit: solid champions program" from Felipe Coe:
In this talk we share the experience in building a security champions program with the fundamentals in internal bug bounty and gamification, where the developer is in the center of the program.

(2) "Browser Fingerprinting" from Sebastian Neef:
JavaScript-based device and browser fingerprinting enables reliable re-identification of browsers without a stateful, persistent identifier. While it can be used for security purposes, it is also a strong contender to cookie-based tracking. Since JavaScript is a requirement for the majority of websites, escaping fingerprinting is almost impossible. This talk will provide a brief introduction into this important topic and share the results of our Alexa Top 10k analysis in which we expose a great variety of fingerprinting scripts and their actors.

(3) "Introduction to Statistical Cryptoanalysis – How to break weak ciphers and what to learn from it" from Kevin Niehage:
Typical introductions to statistical cryptoanalysis often only describe the theory of breaking weak ciphers like Caesar and Vigenère but leave the actual implementation up to the reader. This introduction is different as we will have a look at actual working code. From there we will derive generic problems we face when breaking encryption algorithms.

➡ SCHEDULE

7:00 pm – Welcome
7:10 pm – Talk 1 (Felipe Coe)
7:30 pm – Talk 2 (Sebastian Neef)
7:50 pm – Talk 3 (Kevin Niehage)
8:10 pm – Q&A
8:30 pm – Closing

➡ A FEW NOTES

Thank you to our friends at Frachtwerk for providing us with their webinar service for this Meetup. Please find Frachtwerk's data privacy statement at https://frachtwerk.de/datenschutz

Also, please be aware that we consider recording the talks. This includes audio/video and all chat messages. So, please choose your username wisely.

We look forward to having you!

➡ CONTACT US

This Security Night is organized by Suela Kodra, Martin Falkus, Hendrik Spiegel and Michael Prinzinger as a contribution to the Berlin security community.
You can find us offline at the events (ok, not this time) and online on our Slack channel:
https://join.slack.com/t/berlin-infosec/shared_invite/enQtNTY3ODU0OTU5NjcwLTAzMmZiNDQxNDk0NzE4NGJjOTE0ODJiOWRkMGY2Y2QwZTUxYzgzYTVlMGQ3YTllNjQ0YjFiNzVlYjZiMWU2MWY