Scanning for TR-069 is neither Cyber nor War

The Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks lasted from Sunday to Monday and affected over 900,000 customers. These routers often are the first point of contact when it comes to a leased line. Firewalls and other security equipment usually comes after the first contact with the router. There are even management ports available, provided the ISP has no filters in place. The TR-069 (Technical Report 069) specification is one management interface, and it has its security risks.

Now that the dust has settled the Deutsche Telekom and politicians are quick to point out that „Cyber“ is going on, a „Cyber NATO“ is needed, the law needs to be amended (because once you have a law against something, It™ will never ever happen again), someone needs to take the blame, and more meaningless phrases are needed to not address the problem at hand. Golem.de has published a good summary and a comment on these remarks (in German). A detailed in-depth analysis showed that no TR-069 exploit was working on the targets. Instead the devices just failed to work. Which is very different from warfare or any other targeted attack.

Let’s face it. Most devices out there (Internet of Things or not) can be fried by using the ISIC (IP Stack Integrity Checker) tool for a couple of minutes. You should try this at home. There is not war, and there is no „cyber“ going on. It’s just the missing defence-in-depth concept at work.

Disclosures, Jenkins, Conferences, and the Joys of 0Days

DeepSec 2016 was great. We have slightly recovered and deal with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. First let’s explain some things about how DeepSec runs the Call for Papers, the submissions, and the conference.

During the Call for Papers process our speakers send us title, abstract, and mostly an in-depth description of the presentation’s content. This means that we usually know what’s going to happen, except for the things that are actually said and shown during the presentation slot. Since we do not offer any live video streams and publish all presentation slides after we have given the speaker a chance to redact and change things, the disclosure of anything is limited to the audience at DeepSec. Even if you do a full disclosure, it is technically not. That’s a fact, not an excuse. Furthermore we support all of our speakers during the submission process, on stage, and after that. If you as a conference do not give this support for anything that might happen, then what’s the point in inviting someone? Once you publish the schedule, you’re in. Don’t cop out!

Any kind of disclosure comes with a discussion on how to do it. Basically you get disclosure in all shades and all flavours. In our heart we very much like full disclosure (we grew up with reading Bugtraq and stuff like that years before). We suggest reading the superb article Full Disclosure is a necessary evil written by Aleph One in 2001. True, most vendors/developers/communities like to get some advance information on critical bugs in order to fix the problem. Sadly this statement is based on the assumption that whoever produces the code is willing to do this. There are records of bugs that were critical and weren’t fixed for years (or longer). This is still the case. So, no matter what flavour of disclosure you like, the information about the bug has to be published, and it has to be published with a fixed deadline. There is nothing to postpone. The bug is real, it affects users, it is being exploited. Time is running out. End of story.

Lastly we don’t like the term 0day (or zero-day). It’s a fancy word. It sounds dangerous (it might be, it might be not, most of the time it is, but then it depends on what the affected code does). The 0day is at the end of the life cycle from vulnerability to bug and to a working and tested exploit. In order to wreak havoc you have to do some software development including testing to come up with results that can be recreated. Neither a vulnerability nor a bug is a 0day.

Of course we understand vendors, developers, and communities that care about the security record of their code. Plus we like security researchers who don’t give out the details too early. Thanks to Matthias Kaiser for being responsible and professional. In case you got the wrong impression from a medium that asks you to explain quantum field theory in 140 characters, then something went wrong. We are sorry for any conclusions derived from instant news messages.

We hope to see vendors, developers, security researchers, user, and everyone else at  DeepSec 2017. We can discuss the joys of 0days live with as many characters and coffee as we want.

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm for LEDs these days. And we haven started the conference preparations yet.

So we have plenty of reasons to talk about what went wrong, what will go wrong, and what we can do about it. The world of information security is not always about good news. Something has to break, before it can be repaired – usually. Systems administrators know this, for some it’s their daily routine. Nevertheless we hope everyone at DeepSec gets some new insights, fresh ideas, and more ways to tackle the Wonderful World of Information Security. We can’t wait to see the presentations!

Enjoy the conference!

Screening of “A Good American” in Vienna with Bill Binney

There will be a screening of the documentary A Good American in Vienna tomorrow. We highly recommend watching this film, even if you are not directly connected to information security. Threat intelligence has far-reaching consequences, and in the case of the world’s biggest intelligence agency it also affects you.

A Good American will be shown

All of this takes place in the course of a lecture about the topic. Markus Huber and Martin Schmiedecker have kindly organised everything. Bill Binney will be present, too. So you can directly talk to him and ask him questions. We highly recommend not to miss this opportunity.

DeepSec 2016 Talk: Obfuscated Financial Fraud Android Malware: Detection And Behavior Tracking – Inseung Yang

In Korea in particular, hackers have distributed sophisticated and complex financial fraud android malware through various means of distribution, such as SMS phishing, Google play, compromised web servers and home routers (IoT). In some cases, both smartphone and PC users are targeted simultaneously.

Inseung Yang and his team collect mobile android malware via an automated analysis system, detect obfuscations and malicious packer apps. In his presentation Inseung Yang will describe trends of malicious android apps and obfuscated mobile malware in Korea. He’ll explain the policy methods for Korean mobile banking and the attack methods used by hackers, f.ex. the stealing of certifications, fake banking apps that require the  security numbers issued to users when they open their accounts, Automatic Response Service(ARS) phishing attacks in conjunction with Call Forwarding, and the requesting of the One Time Password(OTP) number.

But Inseung will not only talk about recent trends of obfuscated malicious android apps in Korea, he’ll also explain various mobile protection techniques to prevent you from obfuscation, packing and anti-debugging and other methods used to obstruct the detection and analysis of malware.

inseung-yangInseung Yang is a member of the Analysis Team at KrCERT/CC, KISA.

 

DeepSec 2016 Keynote: Security in my Rear-View Mirror – Marcus J. Ranum

Everything that’s old is new again, and if you work in security long enough, you’ll see the same ideas re-invented and marketed as the new new thing. Or, you see solutions in search of a problem, dusted off and re-marketed in a new niche.

At this year’s DeepSec conference the keynote will be given by Marcus Ranum, who set up the first email server for whitehouse.gov. He will reflect upon over 30 years of IT security and make a few wild guesses for where this all may wind up. Spoiler alert: Security will not be a “solved” problem.

Marcus answered a few questions beforehand:

Please tell us the Top 5 facts about your talk.

  • I’ll be talking about how the security market evolves from here.
  • I’ll be talking about the relationship between security and management
  • It’s going to be depressing.
  • I have been working in security since the mid/late 1980s and I don’t think we have made any progress at all
  • I don’t think we will make much progress in the near-term future, either.

Is there something you want everyone to know?

It’s all about management cost.

marcus-ranumMarcus J. Ranum works for Tenable Security, Inc. and is a world-renowned expert on security system design and implementation. He has been involved in every level of the security industry from product coder to CEO of a successful start-up. He is an ISSA fellow and holds achievement and service awards from several industry groups.

DeepSec 2016 Talk: Systematic Fuzzing and Testing of TLS Libraries – Juraj Somorovsky

In his talk Juraj Somorovsky presents TLS-Attacker, a novel framework for evaluating the security of TLS libraries. Using a simple interface, TLS-Attacker allows security engineers to create custom TLS message flows and arbitrarily modify TLS message contents in order to test the behavior of their TLS libraries. Based on TLS-Attacker, he and his team first developed a two-stage TLS fuzzing approach. This approach automatically searches for cryptographic failures and boundary violation vulnerabilities. It allowed him to find unusual padding oracle vulnerabilities and overflows/overreads in widely used TLS libraries, including OpenSSL, Botan, and MatrixSSL.

Juraj’s findings encouraged the use of comprehensive test suites for the evaluation of TLS libraries, including positive as well as negative tests. He and his team used TLS-Attacker to create such a test suite framework, which finds further problems in TLS libraries.

TLS-Attacker is an open source tool, and is currently being deployed for internal tests in Botan and MatrixSSL. We asked Juraj Somorovsky some questions about his matter of interest.

Please tell us the top 5 facts about your talk.

  • It gives an overview of the recent attacks on TLS (Transport Layer Security).
  • It presents an open source framework for the evaluation of TLS libraries, which can be used by security researchers or developers: TLS-Attacker.
  • It shows how to use TLS-Attacker to test and fuzz TLS libraries, or how to create custom proof-of-concept attacks.
  • It presents vulnerabilities found with TLS-Attacker, including padding oracles in OpenSSL, Botan and MatrixSSL.
  • It shows a video from South Park.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

In the recent years we could observe many vulnerabilities in important TLS implementations. We saw attacks targeting improper encryption algorithms and configurations, complex state machine attacks, or buffer overflows and overreads. This motivated us to create a tool that allows security researchers to easily implement proof-of-concept attacks, or execute fuzzing and find such attacks automatically.

Why do you think this is an important topic?

TLS is arguably the most important cryptographic protocol. We use it every day in our browser to login on our favourite web sites or to execute secure payments. Its security evaluation is therefore of a huge importance.

Is there something you want everybody to know – some good advice for our readers maybe?

This talk is for everybody who is interested in TLS and secure crypto protocols. As a security researcher or pentester you will learn how to execute specific attacks like padding oracles. As a security developer you will learn how to evaluate the security of your TLS servers.

A prediction about the future – what do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?

The new TLS 1.3 standard is being developed. This standard will be integrated into new TLS libraries, including further novel TLS features and extensions. These new implementations will lead to novel security bugs and problems. We hope that with a careful systematic TLS fuzzing and testing new security problems can be eliminated.

 

photo_jurajDr. Juraj Somorovsky is a security researcher at the Ruhr University Bochum, and co-founder of Hackmanit GmbH. He is a co-author of several TLS attacks (e.g., DROWN), and the main developer of a flexible tool for TLS analyses: TLS-Attacker (https://github.com/RUB-NDS/TLS-Attacker). He presented his work at many scientific and industry conferences, including Usenix Security, Blackhat, Deepsec or OWASP Europe.

DeepSec2016 Talk: Smart Sheriff, Dumb Idea: The Wild West of Government Assisted Parenting – Abraham Aranguren & Fabian Fäßler

Would you want to let your kids discover the darker corners of the Internet without protection? Wouldn’t it be handy to know what they do online, to be alerted when they search for dangerous keywords and to be able to control what websites they can visit and even when they play games?

Worry no longer, the South Korean government got you covered. Simply install the “Smart Sheriff” app on your and your kids’ phones. Smart Sheriff is the first parental-control mobile app that has been made a legally required, obligatory install in an entire country! Yay, monitoring!

Well, something shady yet mandatory like this cannot come about without an external pentest. And even better, one that wasn’t solicited by the maintainer but initiated by the OTF and CitizenLab and executed by the Cure53 team! In this talk, two of the Cure53 testers involved in the first and, who would have guessed, second penetration test against the “Smart Sheriff” app, will share their findings. Maybe everything went allright, maybe the million kids forced to have this app run on their devices are safe. Maybe. But if so would there be a talk about it?

We all know, mandated surveillance apps to protect children are a great idea, and outsourcing to the lowest bidder, always delivers the best results. Right?

Going over the first and second pentest results we will share our impressions about the “security” of this ecosystem and show examples about the “comprehensive” vendor response, addressing “all” the findings impeccably. This talk is a great example of how security research concerning a serious political decision and mandatory measures might achieve nothing at all – or of how a simple pentest together with excellent activist work may spark a political discussion and more.

 

abraham-arangurenAbraham was an honors student in Information Security at university. From 2000 until 2007 his work experience was mostly defensive: Fixing vulnerabilities, source code reviews and later on trying to prevent vulnerabilities at the design level as an application and framework architect. From 2007 forward Abraham focused more on the offensive side of security with a special focus on web app security. He is a senior member of the Cure53 team, and a senior consultant for Version 1 – the top IT consultancy in Ireland. Abraham is also the creator of “Practical Web Defense” – a hands-on eLearnSecurity attack and defense course, as well as an OWASP OWTF project leader, and sometimes writes on http://7-a.org or twitter as @7a_ and @owtfp.
Abraham holds a Major degree and a Diploma in Computer Science apart from a number of information security certifications: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+.

As a shell scripting fan trained by unix dinosaurs Abraham wears a proud manly beard.

Previous presentations and some recordings can be found here and here.

fabian-fa%cc%88slerFabian did his bachelors degree in collaboration with IBM and is now doing his masters degree at the technical university in Berlin. He was always interested in IT security and started to seriously get into it after he discovered CTF competitions in 2011, and has since won the the German Cyber Security Challenge twice.

Fabian is a senior penetration tester for Cure53 and holds an Offensive Security Certified Professional (OSCP) certification.

Fabian is interested in all computer topics from low level hardware up to high level web applications and writes about it on his blog and on  twitter .

Contrary to Abraham, Fabian cannot grow a full beard.

DeepSec 2016: Social Engineering remains the most dangerous Threat to Companies – DeepSec offers a Workshop on the Defence of social Manipulation as part of IT

If you follow the news on information security, you see superlative after superlative. Millions of passwords were stolen. Hundreds of thousands of cameras suddenly became tools for blackmail. Countless data got copied unauthorized. Often, after a few paragraphs, your read about technical solutions that should put a stop to these burglaries. Therefore one forgets that nowadays hermetically locked doors can be easily opened just by a telephone call or an e-mail message. According to a publication of the British Federation of Small Businesses, almost 50% of attacks are social engineering attacks, which means attacks through social manipulation.Thus, investments in technical defense measures remain completely ineffective.

Mere security awareness does not help anymore

In the past approaches to defend against attacks on the weak spot human being have focused on awareness trainings. But in our modern business world awareness is not enough. The knowledge of the dangers of social engineering aka social manipulation is already available. Countermeasures must now become much more concrete. Employees must be able to understand, recognize and independently avert the methods of their adversaries. This competency can not be achieved only through security awareness. Let’s use the analogy of fire-fighting to underline this point:

The knowledge about a possible fire in the workplace is of little help if nobody is able or allowed to use a fire extinguisher in the event of a crisis. All classic trainings focusing on the defense against social engineering only deal with the topic up to a certain point. Unfortunately, what has to be done after the fire spot has been discovered is often no matter of discussion. But exactly at this point, training has to become tangible, otherwise it does not contribute to the protection of a company.

Social engineering, the poor relation of information security

The serious implications of attacks against the psyche of employees are strongly underestimated. While technical solutions, due to their inscrutable complexity, seem to be highly effective, the studies of habits, communication styles, absences, internal company celebrations, daily lunches or after-work activities seem almost banal. But each piece of seemingly banal information is a building block in the attacker’s plan. This is easier said than done, but you must build counter-measures as a complete campaign. Many companies have guidelines for dealing with strangers and sensitive information. Their IT departments are also inaugurated.

But one has to connect the individual parts to form a network to protect the weak points of human communication in office life, otherwise the best fire protection system will not suffice. Do not consider your personnel as a potential risk, but as an vital part of your security architecture. Everyone can fall victim to social engineering attacks; there is no shame in that. It is therefore crucial to offer ways to your employees to report weaknesses anonymously. If all shall pull together, the threshold for co-operation must be as low as possible, especially when it comes to security.

Hands-on workshop with practical exercises, based on examples from the real world

One of the focus points of the 10th DeepSec In-Depth Security Conference will be social engineering and how to defend yourself against it. The conference program includes not only lectures on the subject but also a training conducted by two experts in this field. In a two-day workshop, Cyni Winegard and Bethany Ward will present real-world scenarios and enact them with their participants. The course aims not only to create awareness, but to use practical examples and role playing for participants to gain experiences that can be incorporated into their own habits. All examples will be tailored to the abilities of the participants – and to the weaknesses of their professional environment.

When it comes to defense, it has to acknowledge and withstand the ability of your opponents. The workshops Penetration Testing Humans helps to create a real defense of the human psyche. The trainers bring their experiences from many years of safety tests and confront the participants with real dialogues and actions from successful attacks.

The complete program of the DeepSec Conference is available at

https://deepsec.net/schedule.html

The workshops will be held on the 8/9 November 2016.

The conference takes place on 10/11. November.

Workshop & Conference Venue: The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.

IT-SeCX 2016: Talk about Relationship between Software Development and IT Security

The IT-SeCX 2016 event takes place on 4 November at the St. Pölten University of Applied Sciences LLC. It’s a night of security talks, held by various speakers from the industry, academic world, and other institutions. We will give a presentation exploring the relationship between the fine art of software development and the dark art of information security. We all know about bugs, glitches, error conditions, and flat failures of software design. There are links between the development cycle and the work of information security experts (or sysadmins who always have to deal with things that break). If you deal with any of these professions mentioned, you should drop by and attend the talk.

IT-Security Community Exchange 2016, 4 November 2016, at 1915 – Wechselwirkungen zwischen Softwareentwicklung und IT Security

FH St. Pölten
Matthias Corvinus-Straße 15
3100 St. Pölten

DeepSec2016 Talk: Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets – Gerhard Klostermeier

Wireless desktop sets have become more popular and more widespread in the last couple of years. From an attacker’s perspective, these radio-based devices represent an attractive target both allowing to take control of a computer system and to gain knowledge of sensitive data like passwords. Wireless transmissions offer attackers a big advantage: you don’t have to be around to attack something or someone. Plus the victims often don’t know what it happening.

At DeepSec 2016 Gerhard Klostermeier will present the results of research on the matter of wireless mouse/keyboard attacks. Furthermore you he will demonstrate ways in which modern wireless desktop sets of several manufacturers can be attacked by practically exploiting different security vulnerabilities.

We recommend this talk to anyone still using old-fashioned input devices for creating content.

gerhard_klostermeier_small

Gerhard is interested in all things concerning IT security – especially when it comes to hardware or radio protocols. He successfully studied IT security at Aalen University and is working at SySS GmbH since 2014 as IT security consultant and penetration tester. Gerhard was speaker at GPN 2013 – a conference organized by the Chaos Computer Club (CCC) in Karlsruhe – where he talked about hacking RFID-based student cards. He is also author of the Mifare Classic Tool Android app.

DeepSec 2016 Talk: Assessing the Hacking Capabilities of Institutional and Non-institutional Players – Stefan Schumacher

Cyberwar, Cyberterror and Cybercrime have been buzzwords for several years now. Given the correct context, using cyber has merits. However Cyber-Headlines are full with Cyber-Reports about Cyber-Incidents, Cyber-Hacking and Cyber-Cyber in general. However, that whole discussion does not only suffer from sensationalism of journalists and bloggers, there are also some fundamental problems, says Stefan Schumacher. We are still lacking useful definitions for modern IT security threats and we still have to think about the assessment of capabilities in the IT field.Besides institutional actors like states and their military and intelligence community we also have to assess the capabilities of non-institutional actors like terrorist groups or organised crime.

Unlike the assessment of classic military strength (eg. fighting power or Kriegsstärkenachweise), assessing the capabilities and powers of actors in the IT field is much more complicated and complex.In his talk Stefan will introduce the first tools, methods and statistics to compare hacking capabilites and assess the »cyber fighting power« of different actors. He will look into the capabilities of state actors and their agencies as well as the capabilities of their economies and how well they can be translated into IT security.

Additionally, Stefan Schumacher will try to assess the capabilities of independent groups like organised cyber crime, terrorists and hacking groups. Their capabilities are much harder to assess, so he will look also into their history, culture and ethics to find answers. Finally, Stefan will introduce some tools from IO psychology that can be used to assess the technical capabilities of organisations and the motives and motivations of their members.

stefan-schumacherStefan Schumacher is the president of the Magdeburg Institute for Security Research and editor of the Magdeburg Journal for Security Research in Magdeburg/Germany. He started his hacking career before the fall of the Berlin Wall, on a small East German computer with 1.75 MHz and a Datasette drive.
Ever since he liked to explore technical and social systems, with a focus on security and how to exploit them. He was a NetBSD developer for some years and  involved in several other Open Source projects and events. He studied Educational Science and Psychology, has done a lot of unique research about the Psychology of Security with a focus on Social Engineering, User Training and Didactics of Security/Cryptography. Currently he’s leading the research project Psychology of Security,focusing on fundamental qualitative and quantitative research about the perception and construction of security. He presents the results of his research regularly at international conferences like AusCert Australia, Chaos Communication Congress, Chaos Communciation Camp, DeepSec Vienna, DeepIntel Salzburg, Positive Hack Days Moscow or LinuxDays Luxembourg and in security related journals and books.

DeepSec 2016 Talk: Why Companies Must Control Their Data in the Era of IoT – and How To – Kurt Kammerer

In his talk Kurt Kammerer addresses any company’s dilemma: The need for data sharing in the era of IoT while at the same time controlling access and ownership. In order to succeed in business, it is imperative to make data available to customers, suppliers and business partners. However, the explosion and the proclaimed free flow of data can turn against an organisation and threaten its very existence, if not professionally controlled. We asked Mr. Kammerer a few questions beforehand.

Please tell us the top 5 facts about your talk.

  1. The relevance of “data” increases by the day and “data” is imperative to compete. Therefore, it is an asset companies must control.
  2. Data ownership is increasingly being challenged in the era of cloud/IoT (who created the data and who actually owns it?)
  3. Not exercising enough control over your data will dilute your business model.
  4. Data privacy and data ownership are cornerstones for any IoT use case
  5. IoT will control you (rather than the other way round) unless you take data governance, ownership and control seriously.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

My talk addresses the major “data dilemma” that enterprises have to face:

  • On the one hand, data has emerged as the strongest competitive asset that a company has. Limiting access to such data is vital for the survival of any company.
  • On the other hand, only if you share and publish data within your commercial ecosystem, you can have commercial success.

Reconciling these contradictory requirements in daily business life requires full dedication, skill and discipline from all stakeholders of an organisation or ecosystem. At the same time, consumers must be aware of this in order to make informed decisions about with whom they want to share which data.

Why do you think this is an important topic?

In the era of IoT, data is king!

Is there something you want everybody to know – some good advice for our readers maybe?

Whoever is in control of your data, will be able to control your destiny.

A prediction about the future – What do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?

Being in control means being in control of your critical data, and not all data available. We will see gigantic “big data” initiatives fail due to the daunting and cumbersome task to identify “the needles in the haystack” if the haystack experiences explosive growth. In contrast, we will see “smart data” solutions succeed that do not bet on sheer processing power, but also take relevance into account. Therefore, keeping your “haystack” at a size that fits your barn by filtering out the noise will remain critically important.

kurt-kammerer

Kurt is CEO and co-founder of regify, a software company that focuses on trusted e-communications. As a serial entrepreneur, Kurt has established several software and communication businesses. From 2003 to 2008, he led the growth of US-based VI Agents, a pioneer in business applications delivered as a service. From 1996 to 2002, Kurt served as CEO of living systems AG, an international supplier of e-commerce software which he had co-founded in 1996.

Kurt holds a Business and IT degree from the University of Karlsruhe, Germany. He was honored as a “Technology Pioneer” by the World Economic Forum. He also received awards from the Asia-Europe Young Entrepreneurs Forum in Singapore and the Wharton Infosys Business Forum.

Why you should attend DeepSec 2016 – Last Call

There are many reasons to go to DeepSec this year. It doesn’t matter if you worked on your presentation slides on the way to work, got hacked by a nation state, own a smart device, defused cyber weapons, or simply fight the T-Virus in a hospital. The DeepSec conference is the place to be for exchanging war stories (hey, everyone is at cyber war with someone these days) or talking about ideas to do the next project right. Plus we have to celebrate 10 years of DeepSec conferences!

Tickets are still available via our online booking service. In case you have problems booking online, please get in contact with us. We can work something out.

Looking forward to see all of you in Vienna next week!

Posted in Conference by . 5 Comments

FHOÖ supports DeepSec 2016 Conference!

We are glad to announce that the University of Applied Sciences Upper Austria supports the DeepSec 2016 conference! Their motto teaching and learning with pleasure – researching with curiosity fits perfectly to information security. Their courses cover more than just computer science. If you are interested in engineering, economics, management, media, communications, environment, or energy, then you should take a look at their courses.

University of Applied Sciences Upper AustriaYou can talk to students and staff at their booth. They will show your a selection of projects from the field of information security. Don’t hesitate, ask them with curiosity!