1009, 2015

DeepSec 2015 Talk: “Yes, Now YOU Can Patch That Vulnerability Too!” A short Interview with Mitja Kolsek

Sanna/ September 10, 2015/ Discussion, Interview, Security

Patching software is a crucial task when it comes to fixing security vulnerabilities. While this totally works, usually you have to wait until the vendors or the developers provide you either an upgrade or a patch. What do you do in the meantime? Reducing the exposure of the software helps, but sometimes you have no choice. Public interfaces are public. There’s help. Do it yourself! Mitja Kolsek will tell you more. Please tell us the top 5 facts about your talk. We want to shake the security world by introducing a simple twist and essentially reinventing software patching. Attackers’ main advantage comes from software vulnerabilities (often very old and long-patched ones), which are a critical ingredient of most breaches into corporate and government networks. Unfortunately, most software vendors are lacking economical motivation for providing patches, let alone pro-actively

Read More

0309, 2015

The Enemy Within: Industrial Espionage and Your Network at DeepSec 2015

Sanna/ September 3, 2015/ Conference, High Entropy, Security

Networking is vital to aquire jobs in the business world, manage projects, and develop products. It all started with the World Wide Web, now we also interact via various clouds and social media platforms with our staff, clients, and customers. Data gets outsourced to third parties, and business letters are airily send by Instant Messenger (due to the lack of messenger ravens, sadly). But the thoughtless embrace of networks invites threats, previously known only from the silver screen – spies. And, unfortunately, in today’s digital environment, it is no longer enough to just close the door to protect yourself from prying eyes. There is much more to be considered. We’re here to help. DeepSec does not want to leave your company out in the cold: Attend our next conference which takes place in Vienna on

Read More

2406, 2015

Crypto Article: „Cornerstones of German Encryption Policy“ from 1999 are still in place

Sanna/ June 24, 2015/ Discussion, Security

We have some more translated news for you. In theory it is an article about policies and the process of law-making. In practice it concerns the use of encryption and everyone relying on service providers (mostly connected to the Internet, i.e. „cloud providers“). No matter how cool your start-up is and what its products aim to replace, information security will probably need a backdoor-free and working encryption technology as a core component. This is exactly why you cannot stay focused on the technology alone. Threats may come in the guise of new laws or regulations (think Wassenaar Arrangement). Matthias Monroy has some information about the official stance of the German government regarding the currently raging „crypto wars“. Enjoy! Federal Ministry of the Interior: The “Cornerstones of German encryption policy“ from 1999 still remain Source: netzpolitik.org Author: Matthias

Read More

2910, 2014

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Sanna/ October 29, 2014/ Conference, Interview

„The only advice I might give to everyone who is responsible for information security is that it is never about a tool or a methodology“, says Vlado Luknar. The never-ending quest for the “best” tool or methodology is a futile exercise. In the end it is you, the security specialist, who adds the most value to a risk assessment (RA) / threat modelling process for your company, claims Vlado Luknar (Orange Slovensko a.s. / France Telecom Orange Group).  In his talk at DeepSec Mr. Luknar will demonstrate that it is quite easy to capture your overall security knowledge in a home-made, free-of-charge tool.  But first, let’s ask Mr. Luknar a couple of questions: 1) Mr. Luknar, please tell us the top 5 facts about your talk! There is no problem with understanding existing RA

Read More

2810, 2014

DeepSec 2014 Talk: Cloud-based Data Validation Patterns… We need a new Approach!

Sanna/ October 28, 2014/ Conference, Interview

Data validation threats (e.g. sensitive data, injection attacks) account for the vast majority of security issues in any system, including cloud-based systems. Current methodology in nearly every organisation is to create data validation gates. But when an organisation implements a cloud-based strategy, these security-quality gates may inadvertently become bypassed or suppressed. Everyone relying on these filters should know how they can fail and what it means to your flow of data. Geoffrey Hill has been in the IT industry since 1990, when he developed and sold a C++ application to measure risk in the commodities markets in New York City. He was recently employed by Cigital Inc., a company that specializes in incorporating secure engineering development frameworks into the software development life-cycles of client organizations.  He was leading the software security initiative at a major phone

Read More

1907, 2013

Reminder: DeepSec – the Book: Call for Papers

Sanna/ July 19, 2013/ Administrivia, Call for Papers

Dear DeepSec speakers, this reminder goes out to you! We will publish a book about past and present DeepSec topics – To make this book a bummer we need your help! The book will be a summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated to you? If

Read More

2506, 2013

DeepSec Proceedings: The Book – Call for Papers Reminder

Sanna/ June 25, 2013/ Administrivia

Dear DeepSec speakers this goes out to you: It’s our pleasure to inform you that we will publish a book as proceedings about past and present DeepSec topics. A summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated

Read More

2506, 2013

Timeless elegance: DeepSec T-Shirts 2011

Sanna/ June 25, 2013/ Administrivia, High Entropy

Somewhere it’s still 2011. In another dimension it’s probably always Monday. ANYWAY — for those of you who want to wear a garment of timeless elegance we have the very T-Shirt: DeepSec T-Shirt 2011 proudly presented by our favourite model, Mme Cyberduck.     Wow, look at this imprint   – neat, isn’t it? T- Shirt can be ordered either via e-mail Price: 25€ (VAT excluded) + shipping costs Payment: Prepay, either via Paypal or Credit Card or you can get them at our next conference, DeepSec 2013. C u!  

2205, 2013

We proudly present our 2012 DeepSec T-Shirts

Sanna/ May 22, 2013/ Administrivia

Finally! Our 2012 Deep Sec T’s have arrived – Yes, and they rock!     If you want a T-Shirt please write an e-mail to deepsec@deepsec.net including your size and your postal address so we can send it to you! Sizes available: M, L, XL Price: 25€ (VAT excluded) + shipping costs Payment: Prepay, either via Paypal or bank transfer If you have a VAT number please let us know, and we will include it in your invoice. Invoice will be sent with the T-Shirt. P.S.: There will be a 2011 T-Shirt Edition too –  We’ll keep you posted 🙂 Your DeepSec Crew.