About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

DeepSec 2017 thanks you and DeepSec 2018 is almost ready

René Pfeiffer/ November 22, 2017/ Administrivia, Conference, Mission Statement

We caught up on sleep and are right in the middle of post-processing DeepSec 2017. Thanks to you all for attending, presenting, sending feedback, and being part of a great event. The slides will be online soon. The videos are being converted. We will upload them as bandwidth permits. All speakers and attendees will get a code to access them early. Thanks for your feedback as well! We listen, and we have some plans to address the issues you reported. 2018 will see a lot of improvements. We will announce the dates for DeepSec and DeepINTEL 2018 soon. The events will stay in November and September. We just need to coordinate with the venue and will let you know as soon as possible. The Calls for Papers open early in 2018, as does the


Notes on the ROOTS Schedule and the Conference

René Pfeiffer/ November 14, 2017/ Administrivia, Conference, Discussion

We are all set for the conference on Thursday. We made some last-minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations. You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but the two events are not competing. The review for ROOTS is a lot harder, because the presentation is about a scientific publication. This means your submission gets peer-reviewed and voted on by the programme committee. We received some content more suitable for, let’s say, standard events. This won’t do, and this is why you see the best submissions of ROOTS published in the schedule. All in all we are very glad to present you high quality presentations from speakers who really know information security. Enjoy! See you at DeepSec!

Screening of “The Maze” at DeepSec 2017

René Pfeiffer/ November 3, 2017/ Administrivia, Conference, High Entropy

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is a documentary covering terrorism, counter-terrorism, surveillance, business, and politics. So it’s basically information security in a nutshell. Right after the closing of DeepSec you can enjoy The Maze – with popcorn and hopefully everyone who is attending DeepSec. We have seen the documentary before, and we highly recommend it!

The only responsible Encryption is End-to-End Encryption

René Pfeiffer/ October 30, 2017/ High Entropy, Security

Last week the Privacy Week 2017 took place. Seven days full of workshops and presentations about privacy. This included some security content as well. We provided some background information about the Internet of Things, data every one of us leaks, and the assessment of backdoors in cryptography and operating systems. It’s amazing to see for how long the Crypto Wars have been raging. The call for backdoors and structural weaknesses in encryption was never silenced. Occasionally the emperor gets new clothes, but this doesn’t change the fact that some groups wish to destroy crypto for all of us. The next battle is fought under the disguise of responsible encryption. Deputy Attorney General Rod J. Rosenstein invented this phrase to come up with a new marketing strategy for backdoors. Once you have backdoors in any


Science First! – University of Applied Sciences Upper Austria (FHOOe) supports DeepSec

René Pfeiffer/ October 12, 2017/ Conference, Security

The motto of DeepSec 2017 is „Science first!“. This is expressed by the co-located ROOTS workshop, many speakers from academia, topics fresh from the front lines of research, and a mindset that favours facts over fake content or showmanship. This is why we want to thank the University of Applied Sciences Upper Austria for their continued support of DeepSec! Their motto is Teaching and learning with pleasure – researching with curiosity, which fits nicely into the mindset of most information security researchers. They have a wide range of very interesting research projects. If you are interested in courses or collaboration as a company, let them know. We are happy to support you with your enquiry. Lest you forget: DeepSec offers a steep discount for anyone in academic research – be it student or professor.


DeepSec 2017 Workshop: Hunting The Adversary – Developing And Using Threat Intelligence – John Bambenek

René Pfeiffer/ October 12, 2017/ Conference, Security Intelligence, Training

The arsenal of components you can use for securing your organisation’s digital assets is vast. The market offers a seemingly endless supply of application level gateways (formerly known as „firewalls“), network intrusion detection/prevention systems, anti-virus filters for any kind of platform (almost down to the refrigerator in the office), security tokens, biometrics, strong cryptography (just stay away from the fancy stuff), and all kinds of Big Data applications that can turn shoddy metrics into beautiful forecasts of Things to Come™ (possibly with a Magic Quadrant on top, think cherry). What could possibly go wrong? Well, it seems attackers still compromise systems, copy protected data, and get away with it. Why is that? Easy: You lack threat intelligence. Security often doesn’t „add up“, i.e. you cannot improve your „security performance“ by buying fancy appliances/applications and


Google supports DeepSec 2017

René Pfeiffer/ October 12, 2017/ Conference, Internet

You have probably heard of Google. Well, you will be hearing more from them if you come to DeepSec 2017. They have agreed to support our conference. They will be on site, and you will be able to talk to them. Every year we aim to give you opportunities for a short-cut, for exchanging ideas, and for thinking of ways to improve information security. A big part of this process is fulfilled by vendors and companies offering service in the information security industry. This includes the many good people at CERTs and the countless brave individuals in the respective security team. So we hope you take advantage of Google’s presence at DeepSec. See you in Vienna!

DeepSec 2017 Schedule Update, Review Status, Disputes, and Trainings

René Pfeiffer/ September 26, 2017/ Administrivia, Conference, High Entropy

The DeepSec 2017 schedule is still preliminary. We are almost done, and we have a small update. Some of you have noticed that the schedule featured a training about mobile security. The outline as shown in the schedule was identical to a different course from a different trainer. We received a complaint, we got the course materials to compare, and it turned out that only the outline of the workshop as shown online was identical, and the original table of contents was not part of the submission we received during the call for papers. The dispute has been settled. The trainer has apologised to the creator of the original table of contents. Nevertheless the trainer has asked to withdraw his submission. This means we will try to replace the slot in the schedule


DeepSec 2017 Early Bird Tariff ends on 25 September

René Pfeiffer/ September 22, 2017/ Administrivia, Conference

The early bird tariff for DeepSec 2017 (and ROOTS) ends on 25 September 2017. We recommend buying your ticket now. Save some money! In addition we ask you to book the workshop you want to visit as early as possible! Every year we see sad faces, because the workshop of your choice had to be cancelled. Our trainers need a minimum number of attendees. Some trainers need to catch flights and spend good parts of a whole day travelling. They can’t come to Vienna if the minimum number of trainees is not met. So do yourself a favour, make up your mind now, and book the training you want to have. In case you cannot use online payment, let us know. We can invoice the ticket to you directly, if needed. Just drop us


Workshops, Trainings, Talks: DeepSec and ROOTS Schedule Update

René Pfeiffer/ September 20, 2017/ Administrivia, Conference

As you might have noticed, the DeepSec schedule is not complete yet. Furthermore the ROOTS schedule is not published at all. The reason for this is the still-pending reviews. The major part concerns ROOTS. ROOTS is an academic workshop where academic publications are presented. There has been some confusion about the term workshop. In the context of ROOTS this means presentations. This is why we have replaced the word workshops on the DeepSec web site and in (hopefully) all texts with the word training. Trainings are the two-day, well, trainings in advance of the DeepSec conference days. ROOTS features presentations, also called workshops in ROOTS-context, as does the DeepSec conference (on the conference days). So we have trainings (the two-day training courses; one, the ARM exploit laboratory is for three days, be careful)


44CON revisited: Secure Design in Software is still a new Concept

René Pfeiffer/ September 20, 2017/ High Entropy, Interview, Security

We have been to 44CON, and we returned with lots of ideas and scary news about the state of security in devices and applications. Given the ever spreading Internet of Things (IoT) you can see why connecting random devices via a network with no second thoughts about design, updates, or quality control is a bad idea. Don Bailey illustrated this perfectly in the keynote titled The Internet of Us. His presentation touched all of information security, but IoT played a prominent role. We are really surrounded by the Internet of SIM cards (which we sadly cannot call IoS). This opens up a new perspective and demystifies the IoT hype. You should watch Matt Wixey’s talk Hacking invisibly and silently with light and sound as soon as the videos are published. Matt discussed hardware hacking


DeepSec 2017 Training: The ARM IoT Exploit Laboratory

René Pfeiffer/ August 29, 2017/ Conference, Security, Training

If the Internet of Things (IoT) is ever to leave puberty, it has to deal with the real world. This means dealing with lies, fraud, abuse, exploits, overload, bad tempered clients (and servers), and much more. Analysing applications is best done by looking at what’s behind the scenes. IoT devices, their infrastructure, billions of mobile devices, and servers are powered by processors using the Advanced RISC Machine (ARM) architecture. This design is different from the (still?) widespread Intel® x86 or the AMD™ AMD64 architecture. For security researchers dealing with exploits the change of design means that the assembly language and the behaviour of the processor are different. Developing ways to inject and modify code requires knowledge. Now for everyone who has dealt with opcodes, registers and oddities of CPUs, this is nothing new. Grab the


Administrivia: How to access ROOTS and DeepSec 2017

René Pfeiffer/ August 22, 2017/ Administrivia, Conference

We have received some questions on how to attend the presentations of the 1st Reversing and Offensive-oriented Trends Symposium (ROOTS) 2017. It’s very easy. ROOTS is co-hosted with DeepSec 2017. This means if you attend DeepSec, you also attend ROOTS. In turn, attending ROOTS also gives you access to the DeepSec conference. So you only need one ticket to access both events. Bear in mind that our sponsors can give you discount codes for buying tickets. In addition we have a special programme for academics to give you the academic discount for the tickets. Don’t forget: Buying early means saving money! The early bird tariff is still valid until 25 September 2017. After that the ticket price increases. Do us and yourself a favour and book as early as possible. Thank you! See you


DeepSec 2017 Preliminary Schedule published

René Pfeiffer/ August 17, 2017/ Administrivia, Conference, Training

After two weeks of intense reviewing we have published the preliminary schedule for DeepSec 2017. There are some blanks to fill, but this will be done in the coming weeks. We still have to do some reviews and wait for the speaker’s confirmation. In case you noticed, the ROOTS track is not filled yet. The call for papers was extended to 26 August. This means the ROOTS schedule will be published at the end of September. We have to give the programme committee ample time to review all submissions. So if you want to present your research at ROOTS 2017, please ready your submission. Science first!

DeepSec 2017 Schedule, ROOTS, and Closing of Call for Papers

René Pfeiffer/ August 3, 2017/ Administrivia, Conference

Thanks a lot for your submissions! We are currently in the final phase of the review. Expect the first draft of the schedule for the end of the week. Important: Don’t forget that the Call for Papers for the 1st Reversing and Offensive-oriented Trends Symposium 2017 (ROOTS) is still open and was extended to 15 August 2017! Please submit and help us to put more science into infosec! Given the headlines in the IT (security) news we need all the facts we can get.