The Internet of Things is knocking at your door. Many businesses and private individuals have already admitted IoT to their offices and homes, unfortunately often without knowing what they’ve let themselves in for. A naive belief in progress opens all gates, doors and windows to attackers. This is a serious matter. Therefore, DeepSec Conference will focus on this topic on the occasion of its 10th anniversary. The program includes lectures and workshops about the components of smart devices, smart houses and smart networks. Not all products come with a solid security concept. How to test if your devices function properly? What consequences has the total conversion to “smart”? How to proceed correctly to select appropriate systems?
Hacked by your fridge
Spectacular burglaries have always been the best material for screenplays. We know the scene where the protagonist floats on ropes over a light barrier and has to apply all kinds of special tricks to reach her goal. Several films portray hackers who operate with enormous effort the most sophisticated technology to penetrate a network and copy data. This scenario might soon be a thing of the past. With the networking of kettles, refrigerators, scales, toy dolls, phones, televisions, washing machines or toothbrushes the level of difficulty has dropped considerably. Be it because of the design or because of the limited capabilities of its hardware, everyday objects were never meant to defend your living room or office space against attackers.
Early adopters have never been bothered by this. But now the Internet of Things with all its components and implications slowly becomes the norm. Therefore, it’s high time to deal with its security concept.
Striking deficiencies in applied cryptography
An important component of information security is still used improperly: We’re talking about cryptographic methods for authentication, encryption and decryption. Since foreign networks naturally don’t advertise their level of trust, one isn’t allowed to communicate in plain text without signature any more, at the latest since the publication of the Snowden documents. However, the same applies to everyday objects and their servers nowadays, as well as to websites and apps on smartphones.
For this very reason the DeepSec conference offers lectures and workshops for decision makers, developers and engineers to advice and actively support them. Even without mathematics you must be able to properly assemble the building blocks of good security design. Even motorists without a degree in chemistry know the difference between petrol and diesel. The same principle should hold true for the development department. The lecturers also want to provide the impetus to question existing configurations with their contents. Nothing has been built to last forever.
Alas, Secure Coding in itself is no longer sufficient to help companies and their products on the IoT market, to survive in the modern networked world. You have to get the design right in the first place.
Smart Weather: Sunny with cloudy intervals
Cloud systems will also be critically examined at DeepSec Conference. Nowadays many approaches no longer think of local data management. Therefore, web browser, web applications and the surfaces of local devices are inevitably affected. The word cloud comprises a number of technologies, which are automatically included in the presented scenarios. From the viewpoint of information security, the problems have only moved to a different area. But anyway, you have to deal with it.
The conference program bridges Cloud systems, the Internet of Things and the intelligent protection of data hosted by external service providers. Machines are not only a threat, but can be used to protect your own infrastructure. Adaptive algorithms have been hotly debated in recent months. Expert lecturers will explain how to use these tools properly and inform you about their limitations.
In-depth conference programme
On the occasion of the 10th DeepSec Conference ten two-day workshops were added to the program. Topics range from wireless attacks, fixing vulnerabilities with patches, cryptography, targeted attacks on Apple’s iPhone and IoT devices, Windows PowerShell for attackers / defenders, network technology, secure web application development to social engineering. International trainers bring their expertise to the heart of Europe, thereby providing you with a unique training opportunity.
And then there’s the two-day conference program full of presentations from all areas of IT Security.
The keynote will be given by Marcus Ranum, who set up the first email server for whitehouse.gov, and will reflect over 30 years of IT Security.
Here’s the link to the entire program:
DeepSec Workshops: 8/9. November 2016.
DeepSec Conference: 10/11. November 2016.
Venue: The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Wien.
Tickets are available online:
If you need any further information please don’t hesitate to contact us.