About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

MJS Article: The Compromised Devices of the Carna Botnet by Parth Shukla

René Pfeiffer/ October 29, 2015/ Internet, Report, Security

Last year we talked about publishing the proceedings of past DeepSec conferences with a collection of articles covering presentations held in Vienna. We would like to introduce Parth Shukla, who presented a report of the devices compromised by the Carna Botnet. This article will showcase the latest analysis and the progress of industry collaboration on the problem of Internet-facing devices that have default credential logins through telnet. The Carna Botnet, which was used to perform the first-ever map of the Internet – Internet Census 2012 – highlighted a major information security concern with devices that allow default credential login from the Internet by default. For more information on the Internet Census 2012, please refer to the anonymous researcher’s paper. A complete list of compromised devices that formed part of the Carna Botnet was obtained


Special Screening of the Documentary “A Good American” during DeepSec 2015

René Pfeiffer/ October 28, 2015/ Conference, Discussion, High Entropy, Security Intelligence

Attendees of DeepSec 2015 will receive a special treat. We have been talking to Friedrich Moser, and he has agreed to show his documentary „A Good American“ on 20 November 2015 exclusively. The private screening will take place in Vienna. It starts at 2100 at the Burg Kino, known for showing „The Third Man“. „A Good American“ explains how to do threat intelligence in a more efficient way, according to the creator of ThinThread: „A codebreaker genius, a revolutionary surveillance program and corruption across the board of NSA. Against this backdrop unfolds the feature documentary A GOOD AMERICAN. The film tells the story of Bill Binney and his program ThinThread and how this perfect alternative to mass surveillance got ditched by NSA for money.“ After the film Friedrich Moser, Duncan Campbell, James Bamford, and


DeepSec 2015 Keynote: Can Societies manage the SIGINT Monster?

René Pfeiffer/ October 27, 2015/ Conference, Discussion

Gathering data has become very important in the past years. Everyone is talking about intelligence of all shades, few know what it actually means and how you do it properly (we have a workshop for that, if you are interested). Information security needs to anticipate threats and adapt the defences accordingly. The same is true for other areas where security plays an important role, such as national defence. There are also new threats. Surveillance systems expand steadily, and the facts about them were published after 2013. The impact affects all of us, especially companies moving data around and communicating digitally. Although it is difficult to gauge what it means for your daily business, you should not close your eyes and assume that it is somebody else’s problem. We have asked Duncan Campbell to paint


Thanks to University of Applied Sciences Upper Austria for sponsoring DeepSec 2015!

René Pfeiffer/ October 23, 2015/ Conference

Since information security experts don’t grow on trees, we maintain close relationships with academic partners. The science in computer science has to come from somewhere. So we are very happy to welcome the University of Applied Sciences Upper Austria among the supporters of DeepSec 2015. The University of Applied Sciences Upper Austria is a national leader in its field. They offer internationally recognised, practice-oriented degree programmes at four locations in the heart of Upper Austria. As part of their commitment to developing international links, they maintain contacts with some 200 partner universities around the world. How’s that for an open mind? One of their major focuses is the national economy, and their research and development centres are continually developing cutting-edge products for a wide range of practical applications. This solid combination of theory and


Thanks to CERT.at for sponsoring DeepSec 2015!

René Pfeiffer/ October 22, 2015/ Conference

The Austrian Computer Emergency Response Team (CERT.at) is the primary contact point for IT-security in a national context. When things go wrong and point to organisations, companies, or private persons in Austria, then CERT.at can help. Their team is instrumental in informing businesses about incidents, thus helping IT staff to respond quickly to attacks. When it comes to fixing the damage and removing compromised hosts from the Internet, you want every bit of information as soon as possible. There you go. CERT.at is a long-time supporter of DeepSec events. We are glad to welcome them among the sponsors of DeepSec 2015! Make sure to pay them a visit, because they always present cool stuff at their booth. They are keen to answer your questions, so bring loads of them. Also bring coffee, because you


Thanks to UBIT Vienna for sponsoring DeepSec 2015!

René Pfeiffer/ October 22, 2015/ Conference

The Austrian Economic Chambers are the voice of Austrian companies and support their business throughout the years. The specialist group UBIT Vienna is the professional association of business consulting, accountants and IT service providers within the Viennese Chamber of Commerce. With around 20,000 members UBIT is one of the largest Austrian trade groups. The services and consulting activities of UBIT’s members form an important basis for securing and further developing the business location Vienna. The rapid growth of this specialist group reflects the importance of the three occupational groups UBIT consists of: Around 65% of UBIT members work as one-person companies and nearly half of the companies were founded in the last five years. UBIT Vienna is supporting the DeepSec 2015 conference. Get in touch with their representatives attending DeepSec if you look for


DeepSec Workshops: Digital Defence – Knowledge is Power

René Pfeiffer/ October 20, 2015/ Conference, Internet, Training

When did you write your last business letter? And when did you last use pen and paper to do so? It does not matter if you cannot remember: digital communication is part of our everyday life, not only in the business world. We have become so used to communicating online all the time that being offline almost feels unnatural. Of course this also means that we are constantly exposed to networks of some kind, above all the Internet. Our door is open day and night. We can no longer close it, and so we openly invite uninvited guests who use the same networks as we do. It is time to think about this seriously. What threats are out there? And how can we protect ourselves from them? Cyber Crime and Data Protection Everything is „cyber“ these days. Crime just as much as security efforts.


Thanks to Microsoft for sponsoring DeepSec 2015!

René Pfeiffer/ October 20, 2015/ Conference

When it comes to information security, Microsoft has a lot of stories to tell. The Windows® platform is widely deployed and used all over the world. A lot of exploits exist for this system. Being well-known has its disadvantages. For all of you who have followed the Way of Disclosure, you will certainly remember that there were a lot of discussions on Bugtraq and other forums about vulnerabilities and how to publish them. Those were the days of RFPolicy by Rain Forest Puppy (and before). Microsoft has sponsored the DeepSec conference since the first day. Members of the Microsoft Security Team have attended our conference regularly. So if you would like to get in touch, drop by and talk to them. As they put it during DeepSec 2007, they have learned to listen. Take advantage of


Defence – Beating the Odds with Knowledge

René Pfeiffer/ October 13, 2015/ Conference, Discussion, Mission Statement, Training

When did you write your last business letter? You probably don’t recall, because you write one all of the time. When did you last use ink and paper to do this? If you can’t remember the answer to this question, don’t bother trying. Digital communication is part of our daily life, not only in the business world. We are very accustomed to communicating in the here and now, up to the point where being offline feels unnatural. In turn this means that we are constantly exposed to networks of all kinds, especially the Internet. Our door is open around the clock. We can’t close it any more, thus openly inviting every kind of threat also using networks. It’s time to seriously think about this. What does it mean? What do we need to


Digital Naval Warfare – European Safe Harbor Decree has been invalidated

René Pfeiffer/ October 8, 2015/ Discussion, High Entropy, Internet, Legal

The global cargo traffic on the Internet needs to revise its routes. The Court of Justice of the European Union has declared the so-called „Safe Harbor“ agreement between the European Commission (EC) and US-American companies as invalid. The agreement was a workaround to export the EU Directive 95/46/EC on the protection of personal data to non-EU countries. The ruling was a result of the ‘Europe v Facebook’ lawsuit by Austrian law student and privacy activist Max Schrems. This means that European companies might violate the EU privacy laws when storing or processing personal data on US-American servers. Among the arguments was that the rights of the European data protection supervision authorities must not be constrained and that due to the NSA PRISM program the protection of personal data according to EU directives is not


DeepSec 2015 Talk: Cryptography Tools, Identity Vectors for „Djihadists“ – Julie Gommes

René Pfeiffer/ September 30, 2015/ Conference, Security, Security Intelligence

Some speak of Crypto Wars 2.0. For others the Crypto Wars have never ended. FBI Director James Comey does not get tired of demanding back doors to IT infrastructure and devices (there is no difference between back door and front door, mind you). Let’s take a step back and look at the threats. We did this in 2011 with a talk by Duncan Campbell titled How Terrorists Encrypt. The audience at DeepSec 2011 was informed that encryption does not play a major role in major terror plots. What about today? Have terrorists adopted new means of communication? Since the authorities demanding access to protected information do not have statistics readily available, we turned to researchers who might answer this question. Julie Gommes will present the results of studies analysing the communication culture of criminal


Social Engineering: Cold Call Warning (EHS, EHM)

René Pfeiffer/ September 8, 2015/ Administrivia, Odd

While we have a workshop on social engineering for you at DeepSec 2015, we do not do any trainings or exercises before the DeepSec event starts. A speaker alerted us that he got a cold call from a company offering cheap rates for accommodation. In case you have received any call from Exhibition Housing Management (EHM) and Exhibitors Housing Services (EHS), you can safely hang up. Both organisations have been used for scams in the past. Apparently they are alive and kicking. We thank EHS/EHM for providing exercise material and contact data for use during the conference.

DeepSec 2015 Talk: Deactivating Endpoint Protection Software in an Unauthorized Manner

René Pfeiffer/ September 7, 2015/ Conference, Security

Your infrastructure is full of endpoints. Did you know that? You even have endpoints if you use your employees’ devices (BYOD!) or the „Cloud“ (YMMV!). Can’t escape them. Since the bad girls and guys know this, they will attack these weak points first. How are your endpoints (a.k.a. clients in the old days) protected? In case you use software to protect these vulnerable systems, then you should attend Matthias Deeg’s talk. He will show you the art of Deactivating Endpoint Protection Software in an Unauthorized Manner: Endpoint protection software such as anti-virus or firewall software often has a password protection in order to restrict access to a management console for changing settings or deactivating protection features to authorized users only. Sometimes the protection can only be deactivated temporarily for a few minutes, sometimes it


DeepSec 2015 Schedule is almost stable & BSidesVienna CfP Deadline

René Pfeiffer/ September 7, 2015/ Administrivia, Conference

The schedule of DeepSec 2015 is almost done. We’re still reviewing submissions and talking to authors. We are confident that we can call the schedule stable soon. Until this happens, we will describe the presentations and trainings with a little more detail here. Take a good look, but don’t wait too long before booking a ticket. The workshops can only accommodate a limited number of attendees. Don’t miss the opportunity! We would also like to point out that the Call for Papers for the BSidesVienna event is ending on 15th September 2015! If you have interesting content, please submit!

Last Reminder – the DeepSec 2015 Call for Papers closes today!

René Pfeiffer/ July 30, 2015/ Call for Papers, Conference

Take advantage of our Call for Papers! We can’t believe that all the devices, networks, services, and shiny things around us are completely secure. Once it has got Wi-Fi, a SIM card, memory, or a processor there is bound to be an accident. It’s not just hunting rifles, jeeps, currencies, experts, and airplanes that can be hacked. There is more. Tell us! Don’t let the IT crowd of today repeat the mistakes of our ancestors. Submit a two-day training and help to save some souls! We are especially interested in secure application development, intrusion detection/prevention, penetration testing, crypto & secure communication, mobile devices, the Internet of Things, security intelligence, wireless hacking (Wi-Fi, mobile networks, …), forensics, and your workshop that really knocks the socks off our attendees! Drop your training submission into our CfP manager!
