About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

Talk “Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project” moved to 19 November 2021 16:50

René Pfeiffer/ November 18, 2021/ Administrivia, Conference

The presentation „Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project“ has been moved, as of today, to 19 November 2021 at 16:50. The presentation has not been cancelled. We had to move the talk because of a collision and technical problems.

Updated Health Protection Guidelines – Information about hybrid Configuration of DeepSec & DeepINTEL 2021

René Pfeiffer/ November 13, 2021/ Administrivia, Conference

The City of Vienna has announced changes to the health protection regulations. The regulations are still not in effect, but we expect them to be in place in the course of the next week. The city council is more strict than the rest of Austria, so make sure to stay up to date on local regulations. We have updated the health protection document on our web site. Basically the access to the conference is limited to persons having recovered from COVID-19 and vaccinated persons. Additional information can be found by using one of the following links: Latest COVID-19 information; Information about COVID-19 (City of Vienna). DeepSec will be at the conference hotel and feature live streams for every track. Some speakers will present remotely. All presentations will be available on site and via the streams. Links for

New health protection regulations for DeepSec and DeepINTEL 2021

René Pfeiffer/ November 5, 2021/ Conference

The City of Vienna has announced stricter regulations regarding conferences and restaurant businesses. This directly affects our conferences. Beginning with 15 November 2021, attending events requires proof of either having recovered from a COVID-19 infection („genesen“) or being fully vaccinated („geimpft“). This is called the „2G rule“ because of the German words used for the terms. We will update our procedures for the conference accordingly. Our conference hotel has to follow the regulations as well. This means that you cannot attend either DeepSec or DeepINTEL with only a test (of any kind). There will be no exceptions. Further information can be found at the following links: What is „3G“ rule? Questions and answers regarding coronavirus and the COVID-19 disease; Up-to-date Information on the Coronavirus Situation. Some of the information web sites will get

Hardwear.io Interview: BlueMirror – Defeating Authentication in Bluetooth protocols

René Pfeiffer/ October 22, 2021/ Conference

Bluetooth communication has become a standard for many handheld devices, personal computers, and local area networks. Since the protocol was first published, it has gone through many improvements. Security researchers and hackers have subjected Bluetooth devices and the protocol to security tests and analysis. The most recent discovery has to do with the key agreement protocols of Bluetooth. This topic will be presented at Hardwear.io by Tristan Claverie and Jose Lopes Esteves. We have asked both of them a few questions: Bluetooth has come a long way from the first attacks almost twenty years ago. Are there fundamental design weaknesses that impact Bluetooth security up to newer protocols? If we look at recent protocols (the most recent ones being the ones standardized for Bluetooth Mesh), there is still the ability for two devices to

Hardwear.io Interview: Teardown and feasibility study of IronKey – the most secure USB Flash drive

René Pfeiffer/ October 21, 2021/ Security

Portable storage devices are small and can be easily lost. Using security measures to protect the data on them is therefore a good idea. Vendors offer USB storage devices with built-in encryption capabilities. What happens if you analyse how they work? What are the attack modes on these devices? There will be a presentation at Hardwear.io regarding a specific brand of storage devices. We have asked the author Sergei Skorobogatov about the security properties of IronKey devices. HDD and SSD vendors have provided their devices with secure deletion and encryption features. How do IronKey devices compare to normal storage media? Some HDD and SSD devices do offer encryption and secure deletion, as well as vendors of other USB Flash drives. The fundamental difference is that IronKey devices are certified with FIPS 140-2 Level 3. This

Hardware Security – Hacking on the Layer 1 – Training and Conference

René Pfeiffer/ September 20, 2021/ Conference

In system administration there is an easy way to distinguish between software and hardware: hardware is the part that can be kicked. This happens usually when things break. Since breaking things is a major part of security research, we have teamed up with the Hardwear.io Security Conference. The Spectre and Meltdown bugs have shown that hardware is a crucial part of everyone’s security architecture. Few software developers realise that this foundation can cause a lot of havoc. So we recommend checking out the schedule. Reverse engineering hardware can be very rewarding, because you learn a lot about how it reacts to perturbations. There will be a training at Hardwear.io on how to do this with cellular baseband firmware. This piece of code sits on the gateway to the mobile network. During the training you

Scuttlebutt – Summer in the city, reviews, and more security content

René Pfeiffer/ August 22, 2021/ Scuttlebutt

Dear readers, gossip has been a bit rare in the past weeks. This was because of the intense summer heat here in Vienna. The opposite of the chill factor made working in the hot city extremely difficult. Additionally, we tackled dealing with backend archaeology. A part of our internal application for managing the call for papers, the reviews, and the schedule celebrates its 10th birthday. I like code that runs smoothly despite platform updates, but now is the time for some changes. And no, we do not expose the code to the Internet. You can stop looking for it. 😉 We just finished the major part of reviews of the submissions. It always takes a while, given that we start with the final review in August. Contacting people during Summer adds extra round trip

Breaking News: DeepSec preliminary Schedule available, some Reviews still continue, all Hardware & Software is still not completely safe to use

René Pfeiffer/ August 20, 2021/ Conference, Schedule

We confess. Our review cycle was interrupted by a week of holiday. Our team takes turns before the fourth wave breaks. We will keep watching the regulations for travel and our conference hotel. This being said, the schedule for DeepSec 2021 is ready and is published on our web site. 🥳 The contributions from our speakers and trainers look very promising. We tried to select the submissions according to a mix of technical details, academic research, ways to improve your defence, and details of attack techniques which might be deployed against your organisation. The trainings cover a wide range of topics from attacks on modern desktop apps, fallacies of mobile networks, penetration testing of industrial control systems, breaking single sign-on systems, and dealing with threats and defence. We hope to offer you in-depth knowledge

Thanks for your submission! We are working on final reviews.

René Pfeiffer/ August 2, 2021/ Conference

In the past months we kept blogging about various issues in information security and news regarding our event in November. The Summer months are hard on the process of following news with articles. A lot of things happen, and software still has security-relevant bugs. It’s just that fewer people (than usual) care. We care, and therefore we will complete the reviews of your submissions. The preliminary schedule will be published soon. Thanks for taking your time! We appreciate your contributions. You have made the reviews very hard, as every year. 😉 If you still have some ideas, feel free to submit them!

Reminder +++ DeepSec and DeepINTEL 2021 Call for Papers +++ Reminder

René Pfeiffer/ July 27, 2021/ Conference

The calls for papers of DeepSec and DeepINTEL 2021 have their first deadline on 31 July 2021. Use the remaining days to send us your idea for your presentation. We are interested in your research, your ideas, and your reports about new threats. If you can’t find the time for writing your submission in the scorching heat, let the Pegasus malware take care of your personal communication for a while. We passed on the opportunity to write about surveillance gone out of control, because we have written about security failures regularly since 2007. That being said, the Pegasus malware is of course a hot topic for DeepINTEL. High-powered and unchecked surveillance software can do a lot of damage to businesses and national security. Code has a significant impact on society and politics alike. Let’s hear

Secure Communication as an endangered Species

René Pfeiffer/ July 20, 2021/ Conference

Communication is a vital part of modern life and business processes around the world. The rise of the Internet has put sending and receiving information at the centre of most activities. Anyone who has access to personal messages can use them to a significant advantage. Messengers live on billions of smartphones around the world. A compromised telephone opens the door to a treasure trove of highly valuable data. Welcome to the world of information warfare! We have repeatedly issued press articles covering broken secure communication and backdoors to devices. The most recent publications cover the initiative of the German government for mandatory security vulnerabilities in digital infrastructure. Information security cannot distinguish between the purposes for which technology is used. In particular, the integrity of computer systems is either preserved or destroyed. There is no middle ground.

2021 – The Year of the Supply Chain

René Pfeiffer/ July 8, 2021/ Conference

Logistics and supplies are the fuel that keeps modern society rolling. The COVID-19 pandemic has shown that delivery of goods, medical supplies, and work place administration is a part of our daily lives. The container ship Ever Given blocking the Suez Canal serves as an illustration of how important these lifelines are. Even the digital world is based on supply chains. The computer you use receives updates regularly. Chances are high that you even have some data in online platforms (a.k.a. The Cloud™) somewhere. Thinking in terms of information security, these dependencies are a natural target for attackers. Swedish supermarket customers currently suffer from a digital attack on the US-American company Kaseya. The company develops software for managing IT infrastructure. The REvil malware hit them and disabled clients using the VSA remote managing software

Reminder: DeepSec and DeepINTEL 2021 Call for Papers is still open!

René Pfeiffer/ July 6, 2021/ Conference

The year 2021 features some milestone anniversaries. Some of these anniversaries are tragedies. Others are milestones for change. A lot of them affect the world of information security. Technologies come and go, because more often than not we find better solutions. Implementations mature. Some don’t. So let’s take the anniversary of the RSA SecurID faux pas and combine it with the deleted tweet suggesting to replace TCP/IP with Something Based On Blockchain™. In order to grow and develop better applications, we should strive to improve how we approach the challenges of information security. Here is how we will do this. Read on. The DeepSec and DeepINTEL 2021 calls for papers are still open. If you have in-depth content or have some observations to share, please submit your ideas! DeepSec is a 100% blockchain-free zone,

Deadline for Scholarship Program extended until 31 July 2021

René Pfeiffer/ June 18, 2021/ Conference

Being curious is the first step of answering a question. DeepSec has a long history of pushing the results of research on a public stage. Information security is a branch of computer science. Therefore, the scientific approach is the best way to tackle digital security. Past conferences have featured presentations about the work of dedicated groups of curious people. Now it’s your turn to get some extra support for your project. We have extended the deadline for the DeepSec scholarship program until the end of July 2021. We felt that having some extra time is never a bad idea. So if you have an idea for a research project, please let us know. Drop us an email or a message in a bottle.