DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

René Pfeiffer/ May 25, 2018/ Administrivia, High Entropy

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. When it comes to (tele)communication, payment services, and (sadly) email we have to rely on operators doing this for us. Our email infrastructure will move in the near future (i.e. in 2018). We will announce the change via your local DNS resolver when the time comes. 😊 Bear in mind that we take the agile approach when it comes to developing policies. Publish often, do rolling releases. At least that is how we understand the process. A policy is

Read More

#efail, Crypto, HTML, PDF, and other complex Topics

René Pfeiffer/ May 14, 2018/ High Entropy, Security

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more information is known. The authors of the bug claimed that responsible disclosure was being followed. Well, it seems that this is not the case. Judging from the Internet response, the bug depends on the content of the encrypted message, not on the protocol of the encryption or the encryption tools. Lessons learned so far: It is a bug in some mail user client software. It’s all about the content of the message and how it gets interpreted. Responsible disclosure

Read More

Reminder: DeepINTEL and DeepSec Call for Papers are still open

René Pfeiffer/ May 14, 2018/ Call for Papers

We have been a bit radio silent. We have to deal with the General Data Protection Regulation (GDPR), and we are moving our infrastructure across the Internet. The blog is already moved. Further services wait for their transport. The reason is simple maintenance work and hosting our data a bit more privacy-friendly. For example our new ticket portal features privacy by design. Since the threats to information security don’t have to deal with boring stuff such as privacy and upgrades, we would like to remind you that the call for papers for both DeepINTEL and DeepSec is still open.