Author Archive

DeepINTEL Update, Science First Campaign, Early Birds, and other News

April 28, 2017

The Easter break is over. We didn’t sleep (much), and we did not look for Easter eggs in software either. Instead we did a bit of work behind the scenes. DeepSec 2017 will have some more content due to the co-hosted ROOTs workshop. The full call for papers will be ready on 1 May 2017. […]

Posted in Administrivia, Conference

Applied Crypto Hardening Project is looking for Help

April 25, 2017

Hopefully many of you know the Applied Crypto Hardening (ACH) project, also known as BetterCrypto.org. The project was announced at DeepSec 2013. The idea was (and is) to compile hands-on advice for system administrators, dev ops, developers, and others when it comes to selecting the right crypto configuration for an application. The BetterCrypto.org document covers […]

Posted in High Entropy, Internet

SS8 – Replacement for Insecure Signalling System No. 7 (SS7) Protocol revealed

April 1, 2017

The ageing SS7 protocol has reached its end of life. Security experts around the world criticised its vulnerabilities a long time ago. SS7 even facilitated unsolicited surveillance attacks. What’s more, it has its own talks at the annual Chaos Communication Congress – which is a clear sign of fail if there is more than one presentation […]

Posted in High Entropy

DeepINTEL / DeepSec News for 2017 and Call for Papers

March 27, 2017

Changing code, layout or designs have something in common – deadlines. But you cannot rush creativity, and so the new design of the DeepSec web site took some time. The old design has served us well. We basically did not change much and used it since 2007. The new design follows the stickers we use […]

Posted in Administrivia, Call for Papers, Conference

Submit your Talk – Call for Papers for BSidesLondon

March 14, 2017

The Call for Papers for BSidesLondon is still running! If you haven’t submitted your talk yet, please do! The deadline is 27 March 2017. Don’t miss it! The Wonderful World of Cyber is full of stuff to talk about. There is broken software all over the Internet (of Things). 0days await. Infrastructure is ready to […]

Posted in Call for Papers

Putting the Science into Security – Infosec with Style

January 27, 2017

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

Posted in Discussion, Security

The Sound of „Cyber“ of Zero Days in the Wild – don’t forget the Facts

January 26, 2017

The information security world is full of buzzwords. This fact is partly due to the relationship with information technology. No trend goes without the right amount of acronyms and leetspeaktechnobabble. For many decades this was not a problem. A while ago the Internet entered mainstream. Everyone is online. The digital world is highly connected. Terms […]

Posted in Discussion, High Entropy

Putting the Context into the Crypto of Secure Messengers

January 21, 2017

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case of email, Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining whom to trust), synchronising trust/keys […]

Posted in Communication, Discussion, Internet

DeepSec Administrivia for 2017, the Year of the Cyber

January 20, 2017

2017 is in full swing, and it didn’t wait long. December was full of „hacking“ news. It seems digital war(e)fare knows no break. We will address some of the issues in a series of blog articles. Also we have uploaded the DeepSec 2016 videos to Vimeo. Attendees and speakers will get access before we publish […]

Posted in Administrivia, Conference

Security BSides Events – Give a Present to the Community

December 23, 2016

You most certainly have heard about the security BSides events. If you are not sure what gift to get, why not help out the BSides events a bit? BSides London is looking for help. BSides Ljubljana has started its call for papers. Have a look and give them a hand. Happy Holidays!

Posted in Conference

Scanning for TR-069 is neither Cyber nor War

November 30, 2016

Deutsche Telekom was in the news. The reason was a major malfunction of routers at the end of the last mile. Or something like that. As always, theories and wild assumptions are the first wave. Apparently a modified Mirai botnet tried to gain access to routers in order to install malicious software. The attacks […]

Posted in Discussion, High Entropy, Internet

Disclosures, Jenkins, Conferences, and the Joys of 0Days

November 17, 2016

DeepSec 2016 was great. We have slightly recovered and are dealing with the aftermath in terms of administrivia. As announced on Twitter, we would like to publish a few thoughts on the remote code execution issue found by Matthias Kaiser. He mentioned the possibility in this presentation titled Java Deserialization Vulnerabilities – The Forgotten Bug Class. […]

Posted in Conference, Discussion, High Entropy

DeepSec 2016 – expect 48 Hours of Failures and Fixes in Information Security

November 10, 2016

The conference part of DeepSec 2016 has officially started. During the workshops we already discussed a lot of challenges (to phrase it lightly) for infrastructure and all kinds of software alike. The Internet of Things (IoT) has only delivered major flaws and gigantic Distributed Denial of Service attacks so far. There is even a worm […]

Posted in Conference, Discussion

Screening of “A Good American” in Vienna with Bill Binney

November 9, 2016

There will be a screening of the documentary A Good American in Vienna tomorrow. We highly recommend watching this film, even if you are not directly connected to information security. Threat intelligence has far-reaching consequences, and in the case of the world’s biggest intelligence agency it also affects you. A Good American will be shown […]

Posted in Discussion, High Entropy, Security Intelligence

IT-SeCX 2016: Talk about Relationship between Software Development and IT Security

November 3, 2016

The IT-SeCX 2016 event takes place on 4 November at the St. Pölten University of Applied Sciences LLC. It’s a night of security talks, held by various speakers from the industry, academic world, and other institutions. We will give a presentation exploring the relationship between the fine art of software development and the dark art […]

Posted in Discussion, Veranstaltung