Evaluating your CfP submissions for DeepSec 2010

René Pfeiffer/ July 31, 2011/ Administrivia

We’ve been busy attending the 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen in the past days, so we will not comment the submission for DeepSec 2011 immediately. Gathering from the summaries and descriptions so far we are every impressed. DeepSec 2011 will feature some serious talks and new content. Thanks for taking your time and considering to hold a talk at our conference! We will need some time to sort through all submissions and rank them. We may come back to you for questions, but you will get a notice on the state of your submission as soon as possible. Stay tuned! In case you want to submit a talk late, please drop it into our mailbox or use the Call for Papers manager. You will be ranked after the submission that we

Read More

Last Call for DeepSec 2011 – Reminder – Call for Papers!

René Pfeiffer/ July 17, 2011/ Administrivia, Conference

Come on, get your submissions in order and send them to us! The past weeks were full of vulnerabilities, exploits in action and illustrated security very well. Let’s recall what we are looking for. Mobile computing and communications (the protocols and the gadgets) IPv6 (again protocols and the gadgets) Security management and IT governance (a.k.a. “The Big Picture”) Cloud computing and virtualisation (a.k.a. infrastructure 2.0) Security intelligence (few have it) Psychological aspect of security (social engineering, usable security, …) Topics that have a high impact on IT security (or your/our life in general) Design flaws (“defective by design”, the bugs are out there…) We’re looking for workshops, talks and submissions from young talents (U21). Updates and reviews are welcome provided they are still a threat (the web never gets boring for example). New uses

Read More

Subverting Femto Cells – Infrastructure at Risk

René Pfeiffer/ July 14, 2011/ Security

The past DeepSec conferences featured talks about mobile telecommunication networks. Security researchers had to turn mobile phones into base stations or create their own from hardware and software. Yesterday The Hacker’s Choice have published a security analysis of Vodafone’s Femto Cells. These cells are small routers used for boosting the 3G signal. They cost about 160£ and can be purchased through the Vodafone store. Reverse engineering turns these little routers into full-blown 3G/UMTC/WCDMA interception devices. You can catch IMSIs and retrieve the secret subscriber information by requesting it from the core network. By using this secret key material you can decrypt intercepted phone calls and data transmissions. The reverse engineering process even produced the root password of the device (it’s ceolyx, but you need to decrypt it; other blogs feature the full plaintext password). This

Read More

SecInt: Radar for Anti-Security Movement

René Pfeiffer/ July 7, 2011/ High Entropy, Press, Security

We have been talking to some journalists in the past weeks. Most questions revolved around the rise in attacks against well-known web sites and their companies (or vice versa). Jeffrey Carr has published a good source for an overview of Anti-Security groups. If you are looking what to put on your radar, his article might be a good start. Security intelligence is gathering importance. Make sure that you don’t drown in tools or gadgets, and that you don’t neglect your strategic view. Quite a lot of people are confused by the many reports of incidents, „lulz“, „LOLs“, scanty slogans when it comes to motivations of attackers, damage reports, panic and media mind disruption (always remember: anonymous ≠ Anonymous). Currently we’re working on material to put the threats into perspective. It’s hard to distinguish the

Read More

Veranstaltung zum Thema Informationstechnologie und Sicherheitspolitik

René Pfeiffer/ July 1, 2011/ Veranstaltung

Zwischen dem 28. und 31. Juli 2011 findet in Berlin die 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen statt. Sie trägt den Titel „Informationstechnologie und Sicherheitspolitik – Wird der 3. Weltkrieg im Internet ausgetragen?“. Die DeepSec Konferenz wird bei dieser Veranstaltung mit zwei Vorträgen zum Thema „Angriffe gegen Funknetze – wie verwundbar ist das GSM-Netz?“ und „Ausgewählte Angriffsvektoren — Zombies, Botnetze und dDoS-Attacken“ mitwirken. Wir versuchen damit Auszüge und Zusammenfassungen der vergangenen DeepSec Konferenzen komprimiert und auch für Nichttechniker zu vermitteln. Das volle Programm ist als PDF herunterladbar. Im Rahmen der Veranstaltung sollen die Themen Sicherheitspolitik und Informationstechnologie miteinander verbunden werden. „Cyberwar“ ist in aller Munde und hat schon Eingang in Militärdoktrine gefunden. Es stellen sich daher die Fragen: Was ist „Cyberwar“? Welche Bedrohungen sind relevant? Wie kann eine Auseinandersetzung mit Mitteln der

Read More