Change of Ticket System for DeepSec and DeepINTEL

René Pfeiffer/ January 31, 2018/ Administrivia, Conference

We have made some changes behind the scenes, as always when preparing the new events for the year. This time we decided to change the ticket shop for both DeepINTEL and DeepSec. The reason for the new shop is its focus on privacy and security. Most shops are part of a social media network or collect too much information (can be both, depends on the interaction and the platform). It doesn’t matter if the collected information is being protected by privacy procedures or not. Our intent was to streamline the process. For you this means that you can buy your tickets as easy as before. We still have vouchers, too. Ask our sponsors. Furthermore the payment is done directly to us, so we can manage your visit to DeepSec and DeepINTEL more efficiently. Also

Read More

DeepSec 2018 calls for Trainings and Content – Focus Mobility

René Pfeiffer/ January 31, 2018/ Call for Papers, Conference, Discussion

The DeepSec 2018 Call for Papers is open. The focus for this year is mobility. Mobile networks and mobile devices have established themselves firmly in our society. And mobility doesn’t end here. Transport is transforming into new technologies by incorporating access to data networks (yes, that’s the „Cloud“), the power grid (think electric vehicles), drones, new propulsion systems, artificial intelligent (sometimes even both!) personal assistants and algorithms (mathematics has become mainstream). The ever growing number of dependencies between components are a fertile breeding ground for cascading errors that impact more than your new car or your latest order from your favourite online shop. Information security must become as mobile as home deliveries of goods and electric power. And it must become common. Infosec isn’t optional any more. Since bug logos have captured the minds

Read More

Secret Router Security Discussion in Germany

René Pfeiffer/ January 26, 2018/ Internet, Security

Routers are the main component when it comes to connect sites, homes, and businesses. They often „just“ take care of the access to the Internet. The firewall comes after this access device. The German Telekom suffered an attack on their routers on 2016. The German Federal Office for Information Security now tries to create a policy for securing these critical systems. In theory this should add a set of documents on how to securely operate a router for the last mile access. Information security basically runs on checklists and policies. The trouble starts with the firmware. In Germany these is a discussion about using alternative devices as access components, enabling customers and organisations to use products of their own choice. Since firmware is the worst code on this planet, changing models and code is

Read More

Save the Dates for DeepSec 2018 and DeepINTEL 2018

René Pfeiffer/ January 24, 2018/ Administrivia, Conference

While everyone was busy with the holidays, Meltdown and Spectre, we did some updates behind the scenes. DeepSec 2018 will be held from 27 to 30 November 2018. We tried not to collide with Thanksgiving, so that you can come to Vienna after being with your family. As always, the first two days will be the trainings followed by two days of conference. DeepINTEL 2018 will be on 17 / 18 September 2018. We have a topical focus for both events and will present each of them in a separate article. There still some details to work out. Wordsmithing and administrivia are the equivalence of dependencies and patches in software development – necessary, but they take time. It’s worth it, you will see for yourself. We have a special message for anyone who intends

Read More

Meltdown & Spectre – Processors are Critical Infrastructure too

René Pfeiffer/ January 6, 2018/ Discussion, High Entropy

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with many components. Even a System on a Chip (SoC) has components, albeit smaller and close to each other. 2018 begins with critical bugs in critical infrastructure of processors. Meltdown and Spectre haunt the majority of our computing infrastructure, be it the Cloud, local systems, servers, telephones, laptops, tablets, and many more. Information security relies on the weakest link. Once your core components have flaws, then the whole platform may be in jeopardy. In 2017 malicious hypervisors in terms of

Read More