News & Events

Soluzen and Dreamlab Technologies started a long-term strategic alliance in security audits at the beginning of March 2008. Soluzen is a security consulting company and certifier for ISO27001 based in Lyon, France. Dreamlab Technologies has found a strong partner in Soluzen. The goal is to promote OSSTMM in the French business community. We are looking forward to a successful cooperation and we are confident to set again new milestones for IT security testing standards together with Soluzen.

Security means more that only IT and network security. Security know-how and security awareness are equally important. As an official educational partner of ISECOM and member of W3C and OWASP, Dreamlab Technologies is your competent partner for the education and advanced training of your employees and yourself. We recently published the new catalogue 2008 offering a wide range of high quality training and certification courses on IT security.

There are still free spots available left for the following courses:

21.04. – 26.04.2008

OSSTMM Professional Security Tester OPST

19.05. – 24.05.2008

OSSTMM Professional Security Analyst OPSA

26.05. – 30.05.2008

Offensive Security using <<back track

Please apply for the courses above on: www.dreamlab.net/education/registration/.
All courses take place at the University of Applied Sciences in Berne.

An investment in IT security know-how is an investment into the future for you as a participant as well as for your company. Find more information about our IT security courses on our website.

Our national branch in Winterthur moved into their new office at the Brunngasse 26 in Winterthur on March 1^st. 100m² of modern office space are divided into two offices and a meeting room. The location in Winterthur offers an excellent platform to our activity in the metropolitan areas Zurich and Eastern Switzerland. The branch office in Winterthur is managed by Max Moser, Senior Security Expert and Adviser. Max Moser is supported by Philipp Schrödel, Security Expert and Adviser.

Feel free to visit us at our new location in Winterthur!

Dreamlab Technologies AG
Brunngasse 26
8400 Winterthur

Dreamlab Technologies does pioneer work: Certified Secure Web is the first internationally acknowledged certificate for web application security. With Certified Secure Web security becomes measurable, reproducible and comparable. Certification permits to communicate the quality of your web application to users and potential customers. Certified Secure Web has been promoted for the first time at this year's OpenExpo. The OpenExpo is the biggest conference on open source software in Switzerland and took place in Berne on March 12^th and March 13^th 2008.

4. – 6. März 2008. Im Rahmen der vom Bund zur Förderung des Informatik-Nachwuchses ins Leben gerufenen Informatica 08, finden an diesen Tagen an der Hochschule für Technik und Architektur in Fribourg Workshops zum Thema «Sicherheit im Internet» statt.

Als Partner der HES-So wird Dreamlab die beiden Vorträge und Workshops in deutscher Sprache abhalten.

In diesen 2-stündigen Workshops soll den Studenten vermittelt werden, wie man seinen PC schützt und sich angesichts der Gefahren des Internets korrekt verhält. Während des ersten Teils des Workshops wird erklärt, wie man sich vor Angriffen aus dem Internet zu schützen. Danach wird in einem praktische Teil gezeigt, wie man seinen Laptop und seine Anwendungen so einrichtet, dass er optimalen Schutz gewährleistet ist.

Am 12. und 13. März 2008 öffnet die OpenExpo in Bern zum vierten Mal ihre Tore. Die grösste Schweizer Konferenz und Messe zu Open Source Software organisiert durch den Verein /ch/open und die topsoft ist seit Herbst 2007 erneut gewachsen und internationaler geworden: In den 51 Fachreferaten werden neben Schweizer Experten zahlreiche Redner aus Deutschland, Österreich, Italien, Frankreich, Dänemark, Belgien, England und den USA zu begrüssen sein.

Auch Dreamlab wird in Vertretung durch Philipp Egli, Head Auditor und Geschäftsleitungsmitglied, am Eröffnungstag um 11.30 Uhr ein Fachreferat zum Thema «Certified Secure Web – Take the Best Out of Two» halten.

Certified Secure Web verbindet zwei Open Source Methodologien zur Quantifizierung operativer Sicherheit mit dem Ziel, eine zuverlässige und reproduzierbare Grundlage für die Zertifizierung der Sicherheit von Webapplikationen zu schaffen.

Daneben wird Dreamlab mit einem eigenen Messestand im Rahmen der gleichzeitig stattfindenden «Topsoft» präsent sein und hier die umfangreichen Schulungen und Produkte im IT-Security Bereich vorstellen.

Max Moser, head of Dreamlab Winterthur and senior security analyst, gives a speech at the BlackHat Briefings 2008 on how to crack 27Mhz based wireless keyboards. He is one of the first Swiss to speak on a BlackHat Briefing. The Black Hat Briefings bring together the brightest minds from government agencies and global corporations with some of the world's most respected hackers. This year's BlackHat Briefing takes place in Washington D.C from February 18th to February 21st. Max Moser will reveal unpublished details regarding the cracking of Logitech devices in his speech.

Dreamlab will publish the slides in the news section after the end of the conference.

OSSTMM 3.0 and the RAV (Risk Assessment Value) – these were the main subjects of an event organized by Dreamlab Technologies Ltd. The event was booked out and judging from the reaction of the audience the event was a great success.

ISECOM founder Pete Herzog held a highly interesting key note about the new open security manual OSSTMM 3.0. For the first time ever in public he revealed details about the new RAV in OSSTMM 3.0 making IT security now even more measurable and applicable.

After his key note a panel discussion took place. Along with Pete Herzog the following experts participated therein:

• Prof. Dr. Bernhard Hämmerli, Lucerne University of Applied Science, Vize Präsident ISSS
• Giampaolo Trenta, CISO, Bank Julius Bär, Zürich
• André Ringger, IT-Security Solution Architect, Credit Suisse, Zürich
• Pietro Brossi, Academic Director, Zurich University of Applied Science, Winterthur
• Christoph Spycher, IT-Security Manager, Bâloise, Basel

The discussion was further fueled up by inspiring and provocative contributions from the audience.

For all that missed out on the event Dreamlab provides you with the keynote slides and video as well as further downloadable information concerning the new RAV:

Nicolas Mayencourt and Philipp Egli, members of the executive board of Dreamlab Technologies AG, promote our newest research results at LIFT 2008:

Interlocks is an application which aggregates and visualizes connections between Italian companies and their members of the board. Within seconds complex relations can be queried and visualized. LIFT takes place simultaneously in Geneva (Switzerland) and Seoul (South Korea) from February 6th to 8th 2008. The focus of the conference is on new technologies and their impact on our society.

The success of OSSTMM – Open Source Security Testing Methodology Manual – as a methodological approach to problem solving is based on three principles: Cross-plattform applicability, observance of all industry standards and regulations and RAV (Risk Assessment Value). RAV makes risks measurable and therefore also calculable.

Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped.

For further infromation please read our whitepaper and watch our video demonstration.

Our employee Sven Vetsch, who's responsible for web technologies security at Dreamlab Switzerland, wrote a paper about an new attack type he named «XSIO – Cross Site Image Overlaying». Sven Vetsch shows how to perform a XSIO attack and details the impact such an attack would have. For more information please read the paper:

Sven Vetsch, Security Tester and Adviser at Dreamlab Technologies, published an article on web application security in the current Netzwoche (Vol.30 2007). The article gives a basic introduction to web application security and to the main attack vectors. On September 19th Sven Vetsch speaks in the name of the OWASP Switzerland Local Chapter at the Security Zone 2007. His speach on web application security testing takes place at the event hall 550 in Zurich-Oerlikon.

This is the first «IT-Security Bulletin» ever published by the experts of Dreamlab Technologies SA. Based on mutual request of our customers for more informations about actual threats and dangers in IT-Security we decided, to put together a overview of the actual situation and future prospects. This Bulletin will be reviewed at regular intervals and then automatically distributed to our mailing list. If you would like to benefit from this informations too, please send us anemail.

This month Carola Kummert and Arne Blankerts are speakers on the «Free and Open Source Conference 2007» in St. Augustin (Bonn, Germany). They have two talks about XUL, the Mozilla XML Userinterface Language. The conference itself is focussed on Open Source and Free Software, so the session panel was starting on technical issues and doesnt end up by the of some lawyer's talk about current legal situation in Germany («Hacker's article», patent situation, «archiving must» of web sites, ...).

Our colleague Carola Kummert published an article on XSS attacks and howto elude them. The article appeard in the current UpTimes issue (Vol.22007), a journal brought out by the German Unix User Group (GUUG). Carola Kummert is head of education for Dreamlab Technologies in Germany.

Today on July 1st Dreamlab Technologies opened a new branch office in Winterthur, Zurich. This expansion is part of Dreamlab Technologies global and regional expansion strategy and guarantees an optimal support service for our clients in Eastern Switzerland. The new office is managed by Max Moser, Senior Security Expert and Adviser. Max Moser is supported by Philipp Schrödel, Security Expert and Adviser.

Endre Bangerter and Nicolas Mayencourt published an article on quantification of operational security in the current Digma issue, Vol.2 2007. Digma is a quarterly journal for data law and information security, published by Schulthess, Zurich.

The Digital Culture Association has arranged the Tweakfest 2007 with the festival theme «Metaverse». At the three day festival for media culture & digital lifestyle from May 24–26, 2007 in Zurich, Switzerland, the global digital avantgarde met with icons like Steve Wozniak, Co-Founder of Apple Computer. At the Tweakfest the most innovative creatores, researchers and managers of Switzerland convene to take part in various debates and presentations. Dreamlab was also participating in this event in the form of a speak by Sven Vetsch who talked about the Open Web Application Security Project in his position as the actual leader of the OWASP Local Chapter Switzerland.

LinuxTag 2007 opens its doors from May 30 to June 2, 2007 at Berlin Expo Center under the Funkturm with the goal to invite users and experts to learn more about the potential of Linux, Open Source, and Free Software. Our colleagues Carola Kummert and Arne Blankerts manage Dreamlab’s Appearance at the LinuxTag in Berlin. Not only to provide our wide range of interesting open Source products, like the hybrid IDS Prelude, the security testing framework BackTrack, the Open Source Security Testing Methodology Manual (OSSTMM) and the security expert educational courses OPST / OPSA and OPSE but also as speakers about new web 2.0 Technologies.

Web 2.0- Applikationen mit JSON
Carola Kummert (Dreamlab Technologies AG), Arne Blankerts (Dreamlab Technologies)
June 2 , 15.00 – 16.00 / Saal 3 Berlin

Create cross- platform web applications with XUL
Carola Kummert (Dreamlab Technologies AG), Arne Blankerts (Dreamlab Technologies)
June 2, 17.00 - 18.00 / Saal 3 Berlin

Dreamlab congratulates its colleague Max Moser on the PC Professionell innovation award 2006/2007. Every year, the German testing magazine honours innovations and products which represent extraordinary inventions, innovative thinking and courage. The Linux live distribution BackTrack of Max Moser and his team at remote-exploit.org wins in the category Open Source, securing the prize against two of the most successful Linux distributions, PrOOo-Box and Ubuntu!

Sebastian Schnitzenbaumer, Security Developer at Dreamlab, was appointed member of the W3C HTML Working Group. The Working Group will maintain and produce incremental revisions to the HTML specification, which includes the series of specifications previously published as XHTML version 1. Both XML and \«classic HTML» syntaxes will be produced. Dreamlab is a member of the World Wide Web Consortium W3C.

Dreamlab was invited to promote its services and products at the OpenExpo 2007, a Swiss event for free and open source software which took place in Berne on March 7th and 8th. Thomas Bader, trainer at Dreamlab Technologies, gave a speech on «Security Audits in compliance with OSSTMM». The Open Source Security Testing Methodology Manual is the first worldwide open standard for security testing and assures quantifiable, consistent and repeatable audit results. The OSSTMM is edited by ISECOM, of whom Dreamlab is the affiliate for Switzerland, France and Germany. André Roth, solution architect at Dreamlab Technologies, discussed advantages and possibilities of VoIP telephony using the open source software Asterisk.

Dreamlab congratulates its IT security Know-How partner BFH-TI Biel on the Swiss Technology Award 2007. The team around Professor Michael Höckel, head of Fuel Cell Department, and the CEKA Ltd. receive the exceptional price «Preserve Resources» for the first commercial Swiss fuel cell stack. The second laureate is AXSionics, a spin-off company of the BFH-TI Biel, who receives the Swiss Technology Award for its biometric Internet Passport. Both projects will be demonstrated at the CeBIT 2007 in Hannover.

With the beginning of the year 2007 Dreamlab Technologies opened a new office in Hamburg, Germany. The new Dreamlab office is managed by Carola Kummert and Arne Blankerts, both specialized in IT-Security, PHP, XML and XUL internet-based implementations.

Dreamlab represents ISECOM at the CeBIT 2007 from March 15th to 20th in Hannover, Germany. Visit us at Germany's leading business event for the digital world and learn more about ISECOM.

Dreamlab has won over Max Moser to work with Dreamlab as Security Developer. Max Moser is the editor of BackTrack, the world most downloaded security Live-CD. BackTrack is open source based and contains many security related tools such as sniffers, enumeration tools, exploits, scanner and fuzzers. Max Moser is part of our team since December 1st 2006.

Our OSSTMM Security Professional Certification Course Schedule for 2006 has been updated.
Register now and join the hands-on Training for Security Professionals.
Learn more about our courses.

From May 16th to 19th 2006 Dreamlab will be present at the Solution Park of IX Europe. Meet us there and learn more about Open Standard-based Security Solutions.

Dreamlab and Swisscom Fixnet will talk about their success story of operative security excellence at EUROSEC, 4th of April 2006.

Dreamlab Security Researchers will participate at the CCC 05 to discuss the latest trends of IT Security applied.

Dreamlab has moved to larger offices at Monbijoustrasse 36 to have more space.

Dreamlab participates at the CCC 04 to get latest insights in technology trends of IT Security.

As Linux experts DreamLab has been invited by HP Interex.CH to perform a workshop at the Linux Installation Day.

DreamLab has represented ISECOM at the Chief Information Security Summit (CISO) in Geneva. MIS Training’s annual CISO Executive Summit is an intensive learning and networking experience that addresses the unique challenges faced by today’s CISO.

DreamLab is invited by the Institut en Recherche Intelligence Informationelle IR2I to take part a the colloque «Intelligence Informationelle 2004» at the Institut national des Hautes Etudes en Sécurity INHESI in Paris, France.

DreamLab has been invited by the «Informatiksicherheitsorgan Bund ISB», to present the Institute of Security and Open Methodologies ISECOM and the Open Source Security Testing Methodology Manual OSSTMM.