Author Archive

Nikhil Mittal has two Black Hat Europe passes for his attendees

October 21, 2015

Nikhil Mittal offers two passes for Black Hat Europe, Amsterdam, Nov. 10-13 for his workshop attendees at our DeepSec in Vienna. If more than two are interested we will make a raffle or a sweepstake. Workshop: Powershell for Penetration testers. Deadline is in two weeks, when we make final decisions about our workshops. So if […]

Posted in Conference, Schedule

DeepSec Talk: Got RATs? Enter Barn Cat (OSint)

October 21, 2015

We are happy to have John Bambenek (Fidelis Cybersecurity & SANS Internet Storm Center) on stage to present his new Open Source Intelligence Project Barn Cat. OSINT Barn Cat: Mining Malware for Intelligence at Scale. I like the name of the project: Barn cats are the best mousers and this new project is targeted to […]

Posted in Conference, Schedule

RandomPic XSA-108

October 2, 2014

What a couple of Infosec people thought about XSA-108. Apparently some were a little bit disappointed that XSA-108 affects “only” HVM. Sorry, not another catastrophe, not another Heartbleed, Shellshock or something in this class. Only a vulnerability which potentially allows access to other VMs. Anyway, time for an update! (Idea shamelessly stolen from aloria)

Posted in High Entropy, RandomPic

New Use Cases for Bitcoin

May 30, 2014

Although I’m new in the Bitcoin world I had a quite promising start. Earlier this month I was able to visit the Bitcoin Conference in Amsterdam and had some very good conversations with core developers from the Bitcoin Foundation and to my honor also the chance to talk to Gavin Andresen, long-time lead developer and […]

Posted in Security, Stories

Musings about PRISM and the Like, or an Appeal to Reasoning

July 17, 2013

Spying and Distrust are not new, Full Stop. We are old enough to have witnessed many large spying programs in “real time”, starting in the 90s and continuing until now. Everybody spies on everybody else, everybody tries to use every resource available to gain any kind of intelligence useful for the very own benefit. Alliances, […]

Posted in Discussion, Mission Statement, Security Intelligence

Accounts receivable and payable

April 1, 2013

From now on all incoming and outgoing payments for DeepSec and DeepINTEL tickets, sponsor packages, speaker travel reimbursements, hotel, accommodation, catering, support for the community etc. will only be accepted resp. paid in Bitcoins. As we do not trust electronic money transfers (hey, guys – we conduct a security conference!) the following rules will apply: […]

Posted in Administrivia, Legal

A Security Conference is not a Flashmob

January 28, 2013

Suddenly: Security Speakers! (This is the first part of a series which can be regarded as our “Mission Statements”.) No, this is not what a conference should be like: By some obscure coincidence 32 speakers emerge with a talk in their pockets and hit the stage, one after the other. Rather this is true: We […]

Posted in Mission Statement

Conference seats are running low…

November 8, 2012

Honestly: We have such a big interest this year, which is beyond any expectations that we might need to close our ticket sales one or two weeks before the conference. If the trend continues like past years we will exceed the capacity for the conference rooms and the restaurant. We are negotiating with the hotel and […]

Posted in Conference

Alien Technology in our Datacenters

November 5, 2012

Sometimes when I watch administrators at work, especially when I start to ask questions, I get an uneasy feeling: “this is not right”. As it turns out many of the people who maintain, manage and configure IT or communication equipment don’t understand the technology they are using. At least not in depth. Mostly they have […]

Posted in High Entropy, Security, Stories

Groundhog Day (Not a Film Review)

October 20, 2012

Recently there was a re-run of the movie “Groundhog Day” on German TV and after a while I felt a familiar feeling: Our security efforts are a lot like the story. The protagonist is caught in something like a time-loop until he gets everything right. A previously cynical, disrespecting, arrogant and selfish news reporter wakes […]

Posted in High Entropy, Security

High Availability is not Redundancy

October 11, 2012

This is about the “A” in the CIA triad of security: Confidentiality, Integrity, Availability. Just recently I was a witness of an incident where the failure of a perceived redundant system caused an outage of more than 5 hours of the central IT services of a multinational/intercontinental enterprise. Vital services like VoIP calls and conference […]

Posted in High Entropy, Odd

“The early bird gets the worm” or “Can you be faster than FUD?”

June 27, 2012

This is an old saying and like most old sayings it bears some truth: the first one to notice an opportunity does indeed have an advantage. But I don’t want to philosophize about “ancient wisdom” or something the like but I want to address a quite up-to-date topic: 0-day prevention, early warning systems, heuristic detection […]

Posted in Conference, Security Intelligence

The Internet: Agora or Boudoir?

June 10, 2012

Some people believe the Internet is like the Agora of ancient Greek cities where everybody meets and everything happens in public and open sight while others regard it as their boudoir where they can pursue their private business without anyone peeping through the keyhole. The challenge is that the Internet is both and this […]

Posted in Discussion, Internet

What to expect from DeepINTEL

May 31, 2012

Preliminary schedule soon (CFP is still open). DeepINTEL will be a conference about security intelligence on September 3rd and 4th 2012 in the heart of Europe. We have prepared this project for a long time and we were monitoring the security intelligence landscape for quite a while. During the last year we had many chances […]

Posted in Conference, Security Intelligence

Security in the Trenches (or how to get dirty and stay clean)

February 27, 2012

Sometimes you have to get dirty, sometimes it’s fun to get dirty. No it’s not what might come to mind, it’s about the dirty business of information security: you have to break things to see if they are secure enough and to learn about weak points. But what to break? Your own systems? Someone else’s […]

Posted in Security, Stories