DeepSec 2015 is over. We had a fantastic time, great presentations, lots of conversations about the state of information security, and many other issues. You can do a lot more when you are not lost in a big crowd, not being able to connect to speakers, sponsors, and fellow IT security enthusiasts. A big thank you to all our speakers, attendees, trainers, supporters, staff, sponsors, partners, and the IT security community! See all of you in 2016!
Every successful project needs proper planning and a good project management. You know this from your business life, probably. Projects can’t be done without tools for communication. We all use these day by day. Email, telephone, collaboration platforms, social media, instant messengers, and more software is readily available. Access to communication tools has spread. Exchanging messages has also evolved a lot since the 1990s. Given the diversity of the Internet, messages are now encrypted (hopefully). It is a very basic defence against any third parties, or Eve, both being unable to eavesdrop on the conversation. Especially when you do business and talk money, encryption is your closest friend. Why else would you meet indoors and control the access of persons to your office space? Why not discuss business internals while riding public transport? Some
The Austrian SEC Consult is an international leader in application security services and information security consultancy. SEC Consult’s competence in improving the application security of enterprise applications supports major international banks, government organizations and global software vendors. When it comes to information security, it doesn’t get any more in-depth than that. SEC Consult has supported DeepSec ever since the first conference in 2007. We are very grateful for their contribution, and we appreciate their serious attitude when it comes to finding vulnerabilities or educating IT staff how to avoid making mistakes. Sec Consult staff will be at the conference. Make sure to drop by their booth and have a chat with them. They don’t avoid questions, and they always listen when you speak your mind. Don’t miss this opportunity!
History, fictive or real, is full of situations where doubts meet claims. Nearly every invention, every product will be eyed critically, analysed, and tested. There are even whole magazines fully dedicated to this sport, be it for example, consumer protection, reviews of computer games or the car of the year. When it comes to testing the sector of information security is particularly sensitive. Depending on the hard- or software concerned, testing is not only about comfort or in search of a particularly good storyline, but about incidents, which can cause real damage in the real world. How should one deal with the knowledge of a design flaw affecting the security of a system? Locks In 1851 the American lock-smith Alfred Charles Hobbs visited the Great Exhibition in London. He was the first to pick
In our economy data leaks are a constant companion. That’s the impression one gets when reading the news. Customer portals, online shops, digital communications, plans of products, personnel data, and more can be found in department stores throughout the shadow economy. Blind faith in global networks has indeed suffered in recent years, but companies and individuals still have a partially carefree attitude when it comes to the imminent risk their data is exposed to. “Who cares about our data?”, is often said. This year’s DeepSec IT Security Conference has some very specific answers to this question. Duncan Campbell and James Bamford open IT Security Conference in Vienna Duncan Campbell is a freelance British journalist, author, and television producer. Since 1975 he has specialized in intelligence and security services, defence, policing and civil liberty rights.
DeepSec 2015 Talk: Bridging the Air-Gap: Data Exfiltration from Air-Gap Networks – Mordechai Guri & Yisroel Mirsky
Air does not conduct electricity, usually. Using air gaps between parts transporting electric power by high voltages is a standard method in electrical engineering. Similar strategies are used in information security. Compartmentalisation can be done by network components, logical/physical separation, solid walls, and space filled with air. The only threat you have to worry about are wireless transmissions. Since mobile phone networks permeate our private and business life, access to wireless networks is everywhere. Unless you live in a cave, literally. Mordechai Guri and Yisroel Mirsky have found a way to use cellular frequencies as a carrier in order to transport data out of an air-gapped environment. They will present their results at DeepSec 2015. Air-gapped networks are isolated, separated both logically and physically from public networks. Although the feasibility of invading such systems