About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

DeepSec and DeepINTEL Schedule is currently in Review – Preliminary Schedule will be published soon

René Pfeiffer/ August 1, 2022/ Conference/ 0 comments

Our calls for papers have official closed. We are currently in the final phase of reviewing all your submissions. Thanks for all your efforts to send us your material on time. Our goal is to publish the preliminary schedule within the next two weeks. In case you missed the deadline, we will still accept your submissions. You can use our call for papers manager to send us your proposal. We will review your contribution. We will just start with all earlier submissions first.

DeepSec, DeepINTEL, and ROOTS Call for Papers still open!

René Pfeiffer/ July 8, 2022/ Conference/ 0 comments

Did you find some interesting bugs lately? Have you broken something which wasn’t supposed to be broken? Can you hack a nation state just by using a phone call? Do you dream of writing a smartphone app in Malbolge just for fun? If the answer is yes, then you should definitely submit a presentation for DeepSec 2022! We are still looking for your contribution. Share your insights, enlighten our audience. We are also looking for talks for DeepINTEL 2022. We would like to explore the geopolitical side of information security again. Attacks on critical infrastructure, gauging capabilities of adversaries, digital operations in terms of disinformation, and strategic defence of digital infrastructure are the focus of our next security intelligence event. If you work in this field, please get in touch with us. Security research

Read More

Preliminary Schedule DeepSec 2022 – Trainings

René Pfeiffer/ June 26, 2022/ Conference, Training/ 0 comments

👨‍🎓 👩‍🎓 The „full preliminary“ schedule of DeepSec 2022 is due in mid-August. Until then, we have some training options for you. The remaining trainings will be published as soon as we have the confirmation from the trainers. The following courses have been confirmed: Hacking JavaScript Desktop apps: Master the Future of Attack Vector – The desktop is the entry to organisations and companies. Employees are connected to the resources attackers look for. The training illustrates how modern desktop applications work, how they connect to the outside world, and how you can use them to gain access to the internal networks (or the cloud platforms used by the code). Mobile Security Testing Guide Hands-On – This course tells you all you need to know about the desktop-to-go versions of applications. Mobiles devices are a

Read More

Reminder DeepSec and DeepINTEL Call for Papers

René Pfeiffer/ June 14, 2022/ Administrivia, Call for Papers, Conference/ 0 comments

We have been radio silent for quite a while. This is not because of the lack of content or ideas. Information security has long attained mainstream status. We all rely on software and hardware all the time. Instead, we were stuck in administrative tasks. We have found a new location for the conference. In addition, we are working behind the scenes on code updates of our web page. The call for papers manager, the functions that create the schedule and render the website have aged. Speaking of the call for papers, it is still open! We are looking for presentations about the current state of security. If you found a bug or a design flaw, let’s hear about it. There are lots of applications out there. There must be something that’s broken. CVE has

Read More

IT Energy Security – Electric Power makes Cyber go around

René Pfeiffer/ April 1, 2022/ Conference/ 0 comments

This is not a typical 1 April posting. We have stopped the habit of writing satirical articles, because the actual news stories are better than any comedy these days.  Instead of having a laugh, let’s look at the core of information technology – electrical power. The energy prices have been rising for a while now. Russia’s invasion of Ukraine has put Europe’s supply of fossil fuels into the spotlight, because it is used to force political decisions. Using renewable energy sources could have been sped up twenty years ago. It hasn’t. Now the price for electrical power is rising. Information technology relies on electrical power. Computers, servers, networks, smartphones, and display devices can’t do without. The same goes for information security. Adding countermeasures to defend your digital assets and to introduce secure coding requires

Read More

Information Warfare

René Pfeiffer/ March 17, 2022/ Conference/ 0 comments

[This is the March update from our DeepSec scuttlebutt mailing list. Subscribers received this article already.] Filling a blog with articles is both hard and very easy these days. In theory, information security is more present in the news than ever. In practice, you will find few articles with in-depth content. A few days ago I had a discussion with a friend about the many web pages with the title scheme “n reasons why something is great” or “k ways to do web application filtering”. We both agreed that the title is a definite warning not to read the article. Also, most articles just give you a brief introduction into a topic and suddenly end after a few paragraphs. The term clickbait comes to mind. A lot of publishing systems use fancy techniques to

Read More

To Join or not to Join a Cyberwar – Hacking Back and Hack Attacks

René Pfeiffer/ March 1, 2022/ Conference/ 0 comments

The Russian invasion of Ukraine has put the digital sidelines into the spotlight. The world of cyber is part of conflicts, politics, and military operations. This has become very clear if you look for preparations of the current military actions in Ukraine. Information warfare most likely predates the tanks and missiles by year or even decades. This is not the focus of this article. There have been calls to attack networked targets in order to help. Is this a good idea? Let’s see. Information warfare is one aspect of the digital domain. Then there are sabotage, disrupting networks, exploiting vulnerabilities, getting access to data, and many more aspects. Joining either side of a conflict is usually a bad idea. Everything starts with the targets. Who runs a system you have decided to attack? It’s

Read More

Sven Guckes has died

René Pfeiffer/ February 23, 2022/ Conference/ 0 comments

Sven Guckes has died. Sven was a constant companion of Free Software events throughout the years. He contributed to Free Software projects in many way. He ceaselessly connected people by organising meetings in restaurants prior to, during, and after conferences. The command line was his home. He helped improve Vim configurations for countless persons and enabled them to use this editor more efficiently. Sven was session chair at past DeepSec conferences. We mourn his loss, and we fondly remember his contribution to transferring knowledge and experience between everyone he connected. Thanks, Sven! Others have published their thoughts about Sven. You can find the texts by using the following links: Remember: Be More Like Sven Sven Juckes passed away Vim-Versteher und Kommandozeilenerklärer: Sven Guckes ist tot (German) Vim 9 will be dedicated to Sven Guckes

Read More

DeepSec 2022 – Call for Papers is open

René Pfeiffer/ February 22, 2022/ Call for Papers/ 0 comments

We have been busy behind the scenes, as always. The call for papers for DeepSec 2022 is open. We accept submissions for presentations and trainings. This also includes ROOTS 2022 and DeepINTEL 2022. The dates are the same as announced at the closing of DeepSec 2021. DeepSec 2022 Trainings – 15 / 16 November 2022 DeepINTEL 2022 – 16 November 2022 DeepSec 2022 / ROOTS 2022 Conference – 17 / 18 November 2022 We ask all trainers to submit proposals for trainings as early as possible. We will select submitted trainings and publish a preliminary schedule in April. Hope to see you in November!

NFTs, AI, and more trend technologies

René Pfeiffer/ February 13, 2022/ Scuttlebutt/ 0 comments

[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 10 February 2022.] Dear readers, February is a week old. Even though it is still Winter, we do not hibernate. We currently work on our call for papers and the locations for this year’s events. Following the IT news these days is no helping with selecting interesting topics. Information technology has taken a steep turn into the past. Reading product information has more in common with fantasy novels than with hard facts. Magic is hard at work given the many wonderful features modern applications may or may not have. Code based on the blockchain is getting a lot of news coverage. DeepSec deliberately did not include content this technology in our past conferences. Mentioning

Read More

Blockchain, bad data, and bad code

René Pfeiffer/ February 10, 2022/ Scuttlebutt, Security

[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 11 January 2022.] Dear readers, the pandemic is still not over. 2022 greets us with a new variant of SARS-CoV-2. I hope all of you stay safe and stay healthy. The organisation of DeepSec events continues. The wonderful world of IT has plenty of topics to research and check for security vulnerabilities. There is one issue I would like to describe in some more depth. DeepSec itself and parts of its staff and helpers have strong ties to cryptography. We supported the Crypto Party events in Vienna back in 2012. Back then, Bitcoin (₿) was three years old. It was regarded as a curiosity. For us, crypto still means cryptography. We considered accepting Bitcoin

Read More

DeepSec Season Greetings – Slides and Videos

René Pfeiffer/ December 23, 2021/ Conference

We have been radio-silent for the past weeks, because we had to post-process the conference. The videos of DeepSec 2020 have been completed and uploaded to Vimeo. You can view them in our showcase collection for the event. We hope you can find some quiet moments in the next few days. The slides of the presentations are stored on our web server. We haven’t hidden any Log4Shell emoticons in the documents, so they are safe to view. 😉 Enjoy the holidays! See you next year!

DeepSec and DeepINTEL 2021 concluded, Dates for Events in 2022

René Pfeiffer/ November 26, 2021/ Conference

The last week was very exciting, Organising DeepSec and DeepINTEL 2021 right in the middle of changing regulation and travel restrictions was not easy. Both events were in in hybrid form with health protection measures. The pandemic has raised  a lot of questions on how scientific research impacts government, politics, and society. One of our main concerns is to put scientific methods back into information security. While nobody dies or contracts a disease when information security fails, there are parallels between warnings of experts and the lack of adequate means to protect the population. We have some dates for your calendar. Please make a note and set your alarm for our events next year: DeepSec IT & Law Convention – 26 April 2022 DeepSec 2022 Trainings – 15/16 November 2022 DeepSec 2022 Conference –

Read More

Talk “Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project” moved to 19 November 2021 16:50

René Pfeiffer/ November 18, 2021/ Administrivia, Conference

The presentation „Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project“ has been from today moved to 19 November 2021 at 16:50. The presentation has not been cancelled. We had to move the talk because of a collision and technical problems.