About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

Administrivia for DeepSec, DeepINTEL, and trainings

René Pfeiffer/ May 13, 2020/ Administrivia, Conference

We cleared some administrative obstacles in the past weeks. The conference hotel has confirmed that DeepSec and DeepINTEL can happen in November. Of course, we cannot look into the future, but technically everything is in place. We still don’t know what the regulations for events will look like, but we definitely plan to have a traditional conference in November. DeepSec and especially DeepINTEL cannot be moved easily into a virtual venue. We rely on face-to-face communication, having groups of people chat in our lounge areas, and random encounters in the foyer. One way or another we are convinced that this can happen. We will let you know about any changes, but we will carefully proceed. In order to improve the way you can learn new things and practice your security skills we made some

Update on DeepSec / DeepINTEL / ROOTS 2020 with regards to Covid-19

René Pfeiffer/ May 2, 2020/ Administrivia, Discussion, High Entropy

Lacking time travel we have no way to know what will happen in November 2020. That’s not news to us. We closely follow the development of the current Covid-19 crisis, and we constantly evaluate our plans for DeepSec, DeepINTEL, and ROOTS 2020. Given the current state of affairs and the experiments in various countries (including Austria) with lowering the restrictions for business and public life, we believe that our conferences can take place in November. There may be restrictions still present in November with regard to travel and protection measures at our venue. We have developed a schedule for keeping you informed. Additionally we have plans for changing the schedule in order to guarantee the minimum level of content required by our call for papers process. Updates regarding the state of our events in

First DeepSec 2020 Trainings confirmed

René Pfeiffer/ May 2, 2020/ Conference

We haven’t been idle in the past weeks. The Austrian government is reducing the lock-down rules to see how normal business and private life can go on. We take this as an opportunity to announce the first three confirmed trainings for DeepSec 2020. The preliminary descriptions can be found on our schedule web site. The trainings are: Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation – Dawid Czagan (Silesia Security Lab); Open Hardware Hacking – Paula de la Hoz Garrido (Telefónica Security Engineering); Defending Industrial Control Systems – Tobias Zillner & Thomas Brandstetter (Limes Security). Early Bird tickets are available. Given the unusual start into 2020 we ask you to consider buying Early Bird tickets (especially for the trainings). We are exploring special attendee tickets for remote attendance of the trainings. A

Contact Tracing and the Security of Things

René Pfeiffer/ April 17, 2020/ Call for Papers, Discussion

The spread of Sars-Cov-2 keeps everyone on their toes. Given the emotional state after weeks and months of physical distancing (which we recommend; social distancing has been the norm for decades). We have closed our office in March and heavily rely on telecommunication. Fortunately we did not need to reinvent the Internet. Many of you have probably done the same. We hope that you manage to stay healthy until things can get back to “normal”. Speaking of communication and normality, there are some aspects of the current situation we like to point out. Every security conference features presentations shedding light on important tools, libraries, applications, or protocols people rely on. Humans like to communicate. The degree varies, but essentially few can do without talking, writing, hearing, or seeing stuff (i.e. messages). This is even

It’s April Fool’s Day – 7/24 and 365 Days of the Year

René Pfeiffer/ April 1, 2020/ Discussion, High Entropy

The first day of April is typically the time when you hide well-written pieces of misinformation to trick people into believing something that isn’t true. We published our share of April Fool’s Day articles in the past. While this was and still is fun we believe that it is time to break with this tradition. Hiding something that isn’t true within a stream of informative articles or news items has become a major way of influencing opinion. Good comedy does the same, but the outcome is different. Satirical news is a means to criticise by exaggerating or focussing on an issue. The typical audience of comedy expects this. The distinction between satire and reality has almost disappeared in the past decade. So if you are looking for entertainment there are plenty of other sources

Status Update with regard to the current Sars-Cov-2 / Covid-19 Emergency

René Pfeiffer/ March 16, 2020/ Administrivia

We wrote in an earlier blog article about the current Sars-Cov-2 / Covid-19 emergency. Mathematics and biology didn’t stop, so you (hopefully) live in an area with restrictions regarding crowds and places where people can’t keep a safe distance. We, the organisation team of DeepSec, are in close contact with peers, members of the community, and reliable sources of information regarding countermeasures by the Austrian government. Given the current state of affairs the November dates of our events are still in the far future. This means that nothing has changed for our plans. Our calls for papers are still open. The only change will be no marketing messages and advertising for DeepSec and DeepINTEL. We don’t think that a crisis should be used for one’s own advantage. Please stick to facts and verified sources

War Dialing Video Conference Systems

René Pfeiffer/ March 11, 2020/ Security

Do you remember the Golden Age of Wardialing? The idea back then was to try calling phone numbers and to see if a computer system answers. This method still works, because you can wardial any system with a suitable addressing scheme. VoIP wardialing is a lot easier since you do not need a modem. You just need to send signalling messages. Video conferencing systems are no exception. They have to do signalling, too. Furthermore, participants of a meeting need to join and leave. For joining there must be a process that authenticates participants. Usually you get a conference identification number and maybe a PIN code. Other systems require an account, so that you have to log in first. Finding conference rooms gets really easy if you just need a URL. The Bavarian Ministry of

When? Where? What? Introducing https://deepsec.events/

René Pfeiffer/ March 3, 2020/ Administrivia, Conference, DeepIntel

Reading the calendar gets difficult given the many places people – including us – post dates. Furthermore, we have a habit of not detecting typos and not putting our dates in proper variables and rendering them out to the web consistently. So we created a little jump page called DeepSec Events. On this web site you will find all the most important facts about everything DeepSec. Our graphic designer went a bit overboard, but we hope the design is pleasing to your eyes.

Complexity of Dependencies in Multidimensional Systems – Corona Virus

René Pfeiffer/ February 28, 2020/ Administrivia, Conference, High Entropy

This blog is often silent. Our policy is to publish if there is real information to send out. DeepSec is all about facts. We don’t do speculation. Sometimes it is hard to idly watch „news“ being published, revised, withdrawn, altered, commented, and even deleted. We, to the best of our abilities, try not to publish something which doesn’t hold. But we read and watch a lot of articles, opinion, and other sources. For the rare cases where we need to publish our opinion we have created the High Entropy category in this blog. This category is all about the things we like to discuss. This time it’s about biology, containment, and IT security defence. Let’s have a look at the current coronavirus. We are in touch with various partners in different countries. You may

Continuous Integration Ticket Shop for Conference Tickets is now open – book often, book early!

René Pfeiffer/ February 26, 2020/ Administrivia, Conference, DeepIntel

Running an event is a highly dynamic operation. This is especially true for (information security) conferences, even more so for trainings. We have seen our share of sad faces when the training of your choice didn’t happen, because people booked the ticket too late. In order to avoid great disappointments, the ticket shops for DeepSec and DeepINTEL are now open. Spread the word! And put some SDL into your tickets – book early, book often!

DeepSec 2020 Call for Papers is open!

René Pfeiffer/ February 26, 2020/ Call for Papers, Conference

We are looking for presentations and trainings for the next DeepSec In-Depth Security Conference. DeepSec 2020 will explore the focus masquerade. Attribution is hard. To make matters worse for everyone connected to information security – masquerade is ubiquitously present in hardware and software. You might also call some of it disinformation, which was the word of the year 2019. Security-wise many things hide behind a façade. Disinformation is the tool of the trade these days. So DeepSec 2020 has chosen the motto “Masquerade” for this year. Tell us where the veils are, what camouflages are used, and expose the real threats! You can submit your content via our call for papers page on our web site. We also have a special email address for content submissions. You can either use cfp [at] deepsec [dot]

BSidesLondon – Mentors wanted!

René Pfeiffer/ February 14, 2020/ Administrivia, Conference

You may have heard of the BSides London Rookie Track. It’s the track with the 15-minute presentation slots where people who have never presented at a security conference before can give it a try. Take my word for it, preparing these 15 minutes is hard work. Even if you had your share of presentations you still have to put some thought into the structure, the material, and the way you want to make your point(s). It’s easier for veterans. It’s hell for rookies. Even with a moderately cleaned pile of information the first drafts of your presentation take ages. In addition you probably make all the mistakes we all made before. This is where the mentors come in. Mentors are experts in their field and have presented before. And mentors we want! Why

Rookie Track Registration BSidesLondon – don’t miss the deadlines!

René Pfeiffer/ February 12, 2020/ Call for Papers, Conference

BSidesLondon has opened the Rookie Track registration. Submit your project ideas. Get a chance to present at an information security event. Let mentors guide you to the stage. We are pretty sure that you have something to share with us. This won’t be the last reminder. Deadlines are closer than you think, quite similar to objects in the rear view mirror. We enjoyed many Rookie presentations at BSidesLondon, and your content is valuable to the audience. The fact that seats get scarce very quickly is a good indicator that your contribution should be submitted to the Rookie Track registration before the call for presentation closes. The best two rookies will get the opportunity to travel to Vienna in November and attend DeepSec 2020. The first rookie can relax and enjoy our conference. The second

DeepSec 2020 Scholar Program – Call for Applications

René Pfeiffer/ February 11, 2020/ Administrivia, Call for Papers, Conference

DeepSec 2020 wants to support your project. We have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in the Internet of Things (IoT), advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and standardization, and related topics. Let your creativity run

Secure Design – Combining Information Security with Software Development

René Pfeiffer/ February 5, 2020/ Discussion, High Entropy

Information security researchers usually see software fail. Sometimes they try to make software fail on purpose. The result is a bug description, also called vulnerability report in case the bug has a security impact. In the best case scenario this information reaches the software developers who in turn fix the problem. Then the cycle continues. This process is fun for the first iterations. After a while it gets boring. Even a while after that you ask yourself why integer overflow, injection attacks, and basic cross-anything are still an issue. Some bug classes are well over 40 years old. Polio is far older, and yet we got rid of it (mostly). What’s different in the field of software creation? The answers are simple, endless, and change depending on the current trend. Just as computing changed
