New date, same Location: DeepINTEL 2018 has been moved

The DeepINTEL 2018 has been moved in time, not in space. DeepINTEL 2018 will take place on 28 November 2018. The day is the second day of trainings at DeepSec. DeepINTEL Jubilee and Munin, Ravens of the Tower of London. © User:Colin / Wikimedia Commons / CC BY-SA 4.0,_Ravens,_Tower_of_London_2016-04-30.jpgwill be in parallel, and it will be for one day instead of the original two days. We had to moved because of organisational constraints. By moving DeepINTEL we hope to create a better placement for the security intelligence platform. In addition the DeepINTEL Call for Papers is easier, allowing trainers and speakers at DeepSec to contribute to the aspect of DeepINTEL with specific content.

In case you have some content for us: he focus for 2018 are stealthy and persistent attacks. This is the classic espionage attack vector, only with modern means. Ubiquitous networking, complex trust-relationships, and the increased flow of information (and code) is the perfect breeding ground for advanced and persistent threats. We would like to discuss past and present threats in this context without the hype. Essentially we like to focus on (industrial) espionage and methods of nation state actors. If this sounds interesting and you have something to say on this topic, please let us know as soon as possible.

DeepSec Call for Papers Ended – Review Process – Melting Brains – Hard Facts

Year by year it is getting harder to review the growing numbers of submissions. Thanks a lot for your contribution! It’s always a pleasure to read what you sent us. We have started to review as soon as you submit, but given the heat and the sheer number of submissions, it will take a few more days. We only have two days of trainings and two days of conference – which isn’t nearly enough. We will try to come up with a schedule that covers current events, science, and threats of tomorrow.

Speaking of science, the Call for Papers for ROOTS 2018 is still running!A photograph of papyrus. {{PD}} Source: We like to see more solid research in information security. It’s easy to get headlines or flourish on social media, but information security needs to do its homework. This means you have to get rid of bias, make sure your results can be reproduced, and most importantly be able to defend your claims with facts. Every year we get the same rock star/best logo/much-noise-less-signal discussion. On top of that someone writing about the newest may get something wrong, thus everything get worse very fast. The motto „Science First!“ and the the birth of Reversing and Offensive-oriented Trends Symposium (ROOTS) parallel to the DeepSec conference was meant to combine information with security. Our work is based on observation, careful analysis, well-written documentation, and solid evidence. It doesn’t matter if you believe that something works or doesn’t work. In addition we should be open to analysis and question the wisdom and experience we all use every day. Maybe we missed something – if so, we need to know.

So, we try to keep our heads cool, not easy in the Summer heat, and we will continue to review what you submitted. Please relay the ROOTS CfP to everyone doing research. We’d love to have presentations about the results research in Vienna in November!

DeepSec 2018 Call for Papers – Deadline today!

Sadly the climate does not extend deadlines. The Call for Papers of DeepSec In-Depth Security Conference 2018 ends today at midnight. Please make sure that you send us your submission in time. All submissions reaching us before the deadline ends have priority over any later submissions!Barbecue fire We will leave the submission form online for a while longer in order to compensate for the heatwave currently rolling over Europe.

Don’t forget that the Call for Papers for ROOTS 2018 (the Reversing and Offensive-oriented Trends Symposium) is still open and accepts submissions! Please spread word about ROOTS. We would like to feature „Science first!“ again in 2018.

A big thank you for all who already sent us their content! As always we will have a hard time sorting through everything and selecting the presentations and trainings.

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

Link to the DeepSec 2018 ticket shop.We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special Tor tickets are a way to help the German non-profit registered association Zwiebelfreunde e.V. for rebooting their infrastructure. They run Tor nodes and provide the necessary infrastructure to do this. Members of Zwiebelfreunde have been speakers at DeepSec in the past because they are also active security researchers. The difference between the Tor ticket and the normal ticket price will be given to them to recover the damage to their infrastructure.

Security tools such as Tor are widely used by law enforcement, agencies, security researchers, academics, normal people, businesses, and more. The Tor project maintains a list of typical Tor users. Non-profit organisations keep Tor alive, and the ticket category is our contribution. We use Tor and other security tools daily too. So if you want to contribute you just need the right ticket. We will confirm your contribution and send the price difference to Zwiebelfreunde. Security is a team effort. We hope that some of you give their support as well.

ROOTS and DeepSec 2018 Call for Papers – Reminder and Bugfix

The ROOTS and DeepSec Calls for Papers are still running! We did some bugfixing on the web page, so the deadline for any ROOTS submissions is now 26 August 2018. Please spread the word and submit your research. If you need any assistance feel free to contact us.ROOTS Call for Papers link.
The DeepSec Call for Papers closes on 31 July 2018. Now is the time for your submission. We are looking forward to see your presentation on stage at DeepSec 2018!

Thoughts on the Information Security Skill Set

Converting coffee into experience and knowledge.As mentioned in an earlier blog article we moved our office infrastructure to a new location. Once you use a space for more than a decade things inevitably pile up. So I had to sort through hardware, software (on optical storage hardware and floppy disks), lecture notes from a previous life, ancient project documentation, and notes on ideas for a brighter future. Most things were thrown away (i.e. responsibly recycled), some stuff could be saved by enthusiasts (for example the two old Amigas that were sitting in the basement). All of the things we had to move had a purpose once. The main purpose was to get familiar with technology, accumulate knowledge, and understand how things work. This is essentially the hacker mindset, also found among scientists. Given the many presentations at past DeepSec conferences, the workshops, the many hours spent with bad documentation and even worse code, there is a simple question. What do you need to know to work in information security?

I want to give you an example for illustration. During the past weeks I had to write a summary about the state of affairs regarding Transport Level Security (TLS) for email transport. If you have 20+ years actual experience as a postmaster, running MTAs and routing email, and you haven’t stopped looking at new protocols or standards, then you know all you need. Nevertheless it took days to get the document done. Written correctly, it featured almost 100 sources for everything mentioned. The introduction alone was the biggest part. You have to understand all the parts involved – Internet protocols such as DNS (which includes DNSSEC and DANE), the SMTP family, SSL/TLS obviously, but also local considerations such as storage and the intermediate end points of the message chain, cryptography (X.509, algorithms and friends), and more stuff I leave out here. After that you can get to the point and describe the current state of affairs. This says a lot about the skills necessary for a „simple“ thing as email transport. Yet you are right in the middle of information security, because even as a system administrator you are responsible for doing the best you can to protect the content your systems are transporting. End-to-end encryption is still missing in this picture.

Modern society is run and requires an army of specialists. The days in science where a researcher could know everything in all fields were probably more than 300 years ago (my teachers taught me that Gottfried Wilhelm Leibniz was the last human who could do this. They might have been wrong about this though, it’s hard to measure what people really know and what they don’t). Information security is no different. Security tests and implementations are done in teams. Learning is done in groups. Knowing a single skill set is not enough. Having worked in three different fields for some time (i.e. longer than a year) is a good start. Sysadmin’s often say: „Rome wasn’t burnt in one day.“ 😈 It’s true. 🙃 People new to information security often don’t know where to start. Well, the fact is that you have to start more than once, and you have to keep going. This is exactly why we support the Rookie Track at BSidesLondon for years. You need to be around a group of people who will share their experience and give you insights into what you can do next. Make sure never to start from unfamiliar ground. If you are interested in secure communication, then you have to know about communication in general first (you might even want to forget about digital ways to communicate to get a good start, most things don’t change when being turned digital).

The DeepSec schedule will be published in three weeks. We work hard to give you the diversity you need, topic-wise and human-wise, to get a good start in and to continue with your information security path. If you have a knack for teaching, think about submitting a presentation with these thoughts in the back of your mind. If you want to aquire a knack for teaching, please submit too. You have to start somewhere, and in information security you will never start without helping hands.

How the BND monitors Communication in Austria

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.]

How the BND monitors communication in Austria

At the most important connection to the Frankfurt node DE-CIX data streams from Austria are copied in their entirety to lines of the BND. Selected results of their evaluation are returned by the BND to the Austrian Army Intelligence Office in Vienna.

by Erich Möchel for

The reaction of the Austrian government regarding the publication of a list of targets of the German Federal Intelligence Service (BND) in Austria has caused surprise and amusement amongst intelligence experts. The general tenor: Either the Austrian government really has no idea how the data exchange between German and Austrian intelligence services works, or this is a domestic political manoeuvre.

Really affected were the domestic intelligence services that via the BND gain insights of Austrian networks, to which f.ex. the Army Intelligence Office (HNaA) itself has no access. The communication of the Austrian targets is tapped at glass fibres with a throughput of up to 100 Gigabit/sec at the Frankfurt node DE-CIX. There is no reason to put a stop to this, because the BND has a legal mandate for tapping the targets, while the HNaA in Austria has none.

Crime Scene Frankfurt Internet Exchange

At the world’s largest Internet node located in Frankfurt the networks of international data transporters converge, one of which is the A1 Telekom. Via the DE-CIX, Internet traffic, telephone calls and metadata are forwarded to other carriers, so it deals primarily with foreign communication. On the left the graphic shows the headquarters of A1-Telekom (AS8562), already the second node (AS8447) is located at Frankfurts Internet Exchange.

The basic graphics are from the US carrier Hurricane Electric, the retro spooks were implanted by Pia Reiser (FM4).

The tip of the bold arrow marks roughly the tapping point of the BND, because that’s where all outgoing data of the A1-Telekom as well as all incoming data pass through. Only after this point, depending on their destination, the data will be split up among other carriers that are in the domain of other intelligence services. Two of AS8447’s highest-throughput connections lead to the networks of US carriers NTT America (AS2914) and Level3 (AS3356). These lines are filtered by the NSA, whose machines, thereby, receive all communications of the Austrian surveillance targets with their counterparts in the USA.

How fibre optic monitoring works

The third throughput-strong connection leads to the network of the Swedish carrier Telia (AS1299) where they also tap and evaluate the data, since the Swedish military secret service FRA has the necessary license for tapping since 2008. So there are several secret services interested in the data streams from Austria, but only the German BND has access to all data that is delivered from the A1 network in Frankfurt. However, the data streams are tapped and filtered by the same method everywhere.

The entire fibre optic line is copied via a so-called splinter to a second fibre strand. In a nutshell, at ultra-fast switches only transport-related, meaning irrelevant data are sorted out, and the relevant data are split among server batteries ,depending on their protocol (email, http, VoIP, etc.), and stored there. Only then the “selectors” of the respective secret services appear on the scene, these are telephone numbers, e-mail addresses, chat IDs, etc., which are assigned to the surveillance targets.

The data economy of the secret services

The intercepted data are used to extract insights that, however, will not remain in the sole domain of the respective intelligence. The secret services connections among each other are much closer than is commonly assumed, mainly for technical-practical reasons. As shown in the example above even the overpowering NSA has to rely on cooperation if it wants to access certain, for example Austrian, data sets. In fact, a good part of intelligence data economy consists of barter transactions with other secret services.

Only those who have enough intercepted records themselves will also receive data from intelligence partners. On behalf of the Austrian Army Intelligence Office this fact is presented in a slightly roundabout way: “The HNaA … has to procure and prepare security-related information on regions and actors that affect the national security of Austria and thus the EU and present it in the form of situation reports and situation lectures to the highest political and military leadership of the republic.” “In addition to the “essential users” of Austria, the HNaA also provides the “EU Military Staff with needs-based news”.

“The governments indignation is ridiculous”

That’s why the Graz intelligence expert Siegfried Beer described the public indignation of the Federal Government regarding the BND’s tapping activity of Austrian data sets in several interviews as “ridiculous”. As a former foreign minister, now Federal Chancellor and top recipient of the secret briefings of the HNaA, Sebastian Kurz should know how closely BND and HNaA are connected and how the data exchange between the secret services generally works. Already in 2015, as foreign minister, Kurz discussed this very topic with his German colleague Frank-Walter Steinmeier several times in detail. Since then, the BND’s tapping of lines from Austria DE-CIX, including a few monitoring targets, which are also on the list, is already known in this country.

Selectors have increased at least tenfold

That said, the research of the colleagues of “Der Standard” and “Profil” should by no means be degraded. Although what Michael Nikbakhsh and Fabian Schmid have unearthed dates back to the early days of fibre optic surveillance and already ended in 2006. However, these are selectors that directly refer to surveillance targets. And one’s own selectors are among the best-kept secrets of any secret service. Even to friendly services insight is usually granted only on an ad hoc basis and in selective extracts.

Insofar, this list is quite a rarity and it also allows for conclusions about today. If there were about 2,200 selectors by 2006, then there are at least 10 times as much in 2018. With the rapid growth in mobile communications and data traffic overall, the numbers of selectors are also growing. What’s more, Vienna is considered the world capital of espionage, because there are already as much as 18.000 accredited diplomats only located in this city. Therefore, the number of selectors now used by the BND for Austria could very well be in the mid to high five-digit range. By the way, the Frankfurt Internet Exchange has filed a lawsuit against the data-tapping machine, which is now on its way to the Federal Constitutional Court.

Infrastructure Update – Privacy Shield, Call for Papers, DNSSEC, ROOTS, and Humidity

Our blog has been a bit silent in the past weeks, because we had to move some stuff around and rearrange our infrastructure. The old office had a problem with too much water. Leaking is for whistleblowers, not water pipes. Rain is fine if the water can get to the drains. If you take a look at the photograph, imagine the scene with Summer temperatures and a high dose of humidity. Moving infrastructure around is a lot more fun when having APIs, lots of bandwidth, and server minions to take care of the storage. This wasn’t the case with our office infrastructure in meatspace. So we did a bit of a workout. It’s amazing what ancient hardware The old DeepSec office building. Keep it green!you can find when sorting through real storage space. Remember AUI Ethernet connectors with matching network interface cards? 😎

The infrastructure overhaul has brought DNSSEC to the and domains (thanks to our DNS hoster). Ask your local DNS resolver, you should see DNSSEC being used. We will also do some changes to our email infrastructure. We are unhappy with the Safe Harbor and Privacy Shield „agreements“. There is a well-deserved storm coming regarding the adequacy of the protection afforded by the EU-US Privacy Shield. We won’t wait for this to happen and move our mailboxes to a private cloud platform. It’s always nice to know where your data actually is and who has access to it. We might even implement DANE while we are at it. 🔧

The Call for Papers for DeepSec 2018 is still running. Don’t forget to submit! So far we got a lot of trainings and many interesting presentations. It will be harder than last year to decide. The schedule will be most interesting. Please prod your friends and ask them to submit to DeepSec 2018! For all you researchers out there: the Call for Papers of ROOTS 2018 is also open and waiting for your research results!

DeepSec Web Server is moving today

Z3 (computer)We are doing a little relocation of computing infrastructure today. Between 2000 and 2200 CEST we will shift the computing node to a new location. Most content is still being delivered by the reverse proxy, but you may encounter errors for the call for papers manager. For those of you who got a 5xx HTTP status code when submitting a workshop or a talk, we hope that the new infrastructure will solve this problem.

Call for Papers: Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2018

ROOTS 2018

The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past.

To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for discount codes.


Topics of interest include, but are not limited to:

  • New exploitation techniques and methodologies
  • New reverse engineering techniques and methodologies
  • The role of exploitation in the science of security
  • The role of reverse engineering in the science of security
  • New unintended models of programming and execution wherein the program is encoded in data, metadata, descriptors, etc.
  • Formal models of exploitation and formal methods for exploitation
  • Systematization of knowledge in exploitation
  • Systematization of knowledge in reverse engineering
  • Exploitation of trending platforms and architectures: IoT, cloud, SDNs, etc.
  • Reverse engineering of trending platforms and architectures: IoT, cloud, SDNs, etc.
  • Exploitation perspectives on emerging trust models: SGX, blockchains, etc.

PC & Publisher

The Call for Papers is open, and we welcome any kind of submissions. All submitted presentations will be reviewed by the programme committee consisting of the following persons.

Program chair: René Pfeiffer (DeepSec)
General chair: Edgar Weippl (TU Wien, SBA Research)
Co-General chair: Adrian Dabrowksi (SBA Research)

Patroklos (argp) Argyroudis (CENSUS S.A.)
Stephen Checkoway (University of Illinois at Chicago)
Lucas Davi (University of Duisburg-Essen)
Mario Heiderich (Cure53)
Marcus Niemietz (RUB)
Alexander Peslyak (Openwall)
Konrad Rieck (TU Braunschweig)
Sebastian Schinzel (FH Münster)
Juraj Somorovsky (Hackmanit)
Edgar Weippl (TU Wien, SBA Research)
Fabian Yamaguchi (TU Braunschweig, LeftShift)
Stephano Zanero (University Politecnico di Milano)

Application for inclusion in ACM DL via the International Conference Proceedings Series (ICPS) is pending. See ACM’s details about author’s rights.

The Call for Papers uses the Easychair CfP manager. All submissions must be sent until 26 August 2018. Authors will be notified by 15 September 2018. We need your camera-ready papers until 6 October 2018.

Submission Instructions

Submissions to ROOTS are not limited in page count, but their length should be commensurate with the results; 5-10 pages of two-column PDF using the sigconf template from We encourage submissions of papers based on results previously presented at industry or hacker conferences, so long as the papers themselves have not been presented elsewhere. We also encourage Systematization of Knowledge (SoK) submissions.

If you have further questions, do not hesitate to contact us.

BSidesLondon 2018 Rookie Track Follow-Up

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is to have a motivation to work hard on the presentation. From what we have seen, we were quite impressed. The quality has much improved, also thanks to the tireless efforts of the mentors (if you see someone with a mentor badge, please buy them a drink!). Apart from the 15 minute time slot some talks were hard to distinguish from their bigger cousins in the main tracks. The topics were well-chosen. The mix was great. Every single rookie did their best, and it showed.

We will support the Rookie Track in 2019 again. So if you have something on your mind, don’t stop thinking about it. Look for a mentor, make notes, see how others present their knowledge. We love to see your submission!

Speaking of 2019, please think of the BSidesLondon crew and fill out the feedback form! It’s always nice to know what went well, what needs to be improved, and what your ideas for the future are. Feedback loops make the world go around, literally.

Speaking of submitting a talk, the DeepSec Call for Papers is still open. We have a U21 category for young talents. It’s not exactly a rookie talk slot, because you get the big stage. It’s worth it, and if you submit, we will help you with preparing your presentation.Source:

Big Data Analytica – What Attackers might be after

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the owner of the platform. Once something is concentrated, cached, and accessible to digital evaluation, it will be harvested for its content and context. It’s as simple as that. This has always been the case. Penetration testers (best case) select their targets based on this criterion (among others). What has all of this to do with information security? Well, information security, just as the social media platforms, just can’t do without analysing data. The difference is how to protect and transport it. Data collected by social media interaction is refined and can be accessed via API by selected parties, i.e. customers. Your infrastructure’s data based on security metrics and its refined versions of the data should not be accessible outside tightly controlled security zones. When’s the last time you have checked this? Are you sure that there isn’t some system talking to an API out there?One of the oldest surviving fragments of Euclid's Elements..

The glory of continuous integration and the DevOps hype have led to automated systems that have access to repositories, source code, databases, documents, and possibly production systems. Build systems such as Jenkins have a lot of access privileges. Configuration management tools need to access hosts in order to do their work. In turn they get their configuration from somewhere. Monitoring systems have access to data. The Cloud introduces lots of access tokens and secret keys that are distributed. Make sure your systems only do what they have to do, and that no one interferes with your set-up. Shodan is full of systems that act as a node, interfacing different systems with different access levels. These hosts should never be there. They were the topic of one of BSidesLondon 2018’s Rookie Track. The presentation yielded some scary findings.

So apart from the truth, your data might be out there. Smart attackers won’t tell you when they get access. They might mine your data quietly, create profiles, and then know what they need to know in order to strike. Just like social media platforms. 😀

Rookie Track – BSidesLondon 2018

We are looking forward to see the Rookie Track at BSidesLondon 2018! If you are curious what the rookie have to say, drop by and have a look! Presentations are meant to be heard. Do the newbies a favour and listen to them. They have put a lot of work into their 15 minute talk slot. They deserve an audience.

Source: a topic is hard. You have to understand what you are talking about. Furthermore you need to know a bit extra, because people will ask questions. Richard Feynman once said: If you want to master something, teach it. A great way to learn is to teach. If you have ever conducted a workshop, this will sound familiar.

DeepSec sponsors the winner of the rookie track – a ticket to DeepSec 2018 and a stay in Vienna is the reward for daring to hold a presentation at BSidesLondon 2018. You have to start somewhere. 😸 And winner is the wrong word. The Rookie Track is not a competition. It’s a place to get started. Very different.

DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. When it comes to (tele)communication, payment services, and (sadly) email we have to rely on operators doing this for us. Our email infrastructure will move in the near future (i.e. in 2018). We will announce the change via your local DNS resolver when the time comes. 😊

Bear in mind that we take the agile approach when it comes to developing policies. Publish often, do rolling releases. At least that is how we understand the process. A policy is not written in stone. We may have missed something, because a lot of data is being processed and logged these days. Furthermore a lot of data protection and privacy controls are moot when people keep using devices and software which uses „telemetry“ features. We try to keep the IT ecosystem as Free (as in Free Software) as possible. This also means that we do not create profiles of attendees or speakers, keep data tied to persons only as long as we need it, and that we do not share data with third parties except for the mentioned entities described in our privacy policy.

Let us know in case we missed something. 🖋

#efail, Crypto, HTML, PDF, and other complex Topics

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more information is known. The authors of the bug claimed that responsible disclosure was being followed. Well, it seems that this is not the case. Judging from the Internet response, the bug depends on the content of the encrypted message, not on the protocol of the encryption or the encryption tools. Lessons learned so far:

  • It is a bug in some mail user client software.
  • It’s all about the content of the message and how it gets interpreted.
  • Responsible disclosure was not followed.
  • Do not use HTML in emails.
  • Use authenticated encryption.

You may note that these recommendations are heavily on the side of the protocol/data format designers, not on the user’s part or the user interface. It’s hard to point fingers into the right direction, but the vulnerability is all about the content and they way software handles it. That’s not shifting the blame. HTML content (or any active content) in emails have long been the source of heated discussions. There is a reason why a lot of phishing uses HTML. Bashing PGP/GPG or S/MIME for its complex data format is also no excuse. Have you ever taken a look at the PDF standard or the many office document standards? Why is there no recommendation to stop sending documents via emails?

The DeepSec conference in 2017 had the motto „Science first!“. We didn’t go for this slogan because of the first academic ROOTS workshop. We know that information security can do a lot better with a healthy dose of the scientific method. Your work doesn’t count and has no impact, if you can’t base it on solid facts. The claim that „There are currently no reliable fixes for the vulnerability.“ is plain wrong.

So please continue to write encrypted emails to us. We do not read HTML message in conversation.