Archive for November, 2017

DeepSec 2017 thanks you and DeepSec 2018 is almost ready

November 22, 2017

We caught up on sleep and are right in the middle of post-processing DeepSec 2017. Thanks to you all for attending, presenting, sending feedback, and being part of a great event. The slides will be online soon. The videos are being converted. We will upload them as bandwidth permits. All speakers and attendees will get […]

Tags: , ,
Posted in Administrivia, Conference, Mission Statement No Comments »

DeepSec2017 U21 Talk: Lessons Learned: How To (Not) Design Your Own Protocol – Nicolai Davidsson

November 15, 2017

“One of the first lessons of cryptography is “don’t roll your own crypto” but we were bold enough to ignore it”, says Nicolai. “Single Sign-On is so 2016 which is why we’d like to introduce its replacement, Forever Alone Sign-On – FASO. This talk will discuss one of the ugliest SSO solutions you’ll ever see, […]

Tags: , , , ,
Posted in Conference, Development, Security No Comments »

ROOTS: Out-Of-Order Execution As A Cross-VM Side Channel And Other Applications – Sophia d’Antoine

November 15, 2017

Given the rise in popularity of cloud computing and platform-as-a-service, vulnerabilities, inherent to systems which share hardware resources, will become increasingly attractive targets to malicious software authors. In this talk, Sophia will introduce a novel side channel across virtual machines through the detection of out-of-order execution. She and her colleagues created a simple duplex channel […]

Tags: , , , ,
Posted in Conference, Security No Comments »

DeepSec 2017 Talk: OpenDXL In Active Response Scenarios – Tarmo Randel

November 15, 2017

Automating response to cyber security incidents is the trend which is – considering increasing amount of incidents organizations handle and ever-increasing attack surface – already becoming mainstream. In this talk Tarmo explores the options of using OpenDXL in real life situation of mixed environments, legacy solutions and multiple vendors for connecting existing (and future) cyber security […]

Tags: , , ,
Posted in Conference No Comments »

ROOTS: On The (In-)Security Of JavaScript Object Signing and Encryption – Dennis Detering

November 14, 2017

JavaScript Object Notation (JSON) has evolved to the de-facto standard file format in the web used for application configuration, cross- and same-origin data exchange, as well as in Single Sign-On (SSO) protocols such as OpenID Connect. To protect integrity, authenticity and confidentiality of sensitive data, JavaScript Object Signing and Encryption (JOSE) was created to apply […]

Tags: , , , , , ,
Posted in Security No Comments »

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

November 14, 2017

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) […]

Tags: , , , , , ,
Posted in Conference No Comments »

Notes on the ROOTS Schedule and the Conference

November 14, 2017

We are all set for the conference on Thursday. We did some last minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations.You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but both events are not competing. The review for ROOTS is […]

Tags: ,
Posted in Administrivia, Conference, Discussion No Comments »

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

November 14, 2017

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line […]

Tags: , , , , ,
Posted in Conference, High Entropy, Security No Comments »

Screening of “The Maze” at DeepSec 2017

November 3, 2017

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is […]

Tags: , , , ,
Posted in Administrivia, Conference, High Entropy No Comments »