Apology – “Bad Things in Good Packages”

René Pfeiffer/ December 11, 2012/ Administrivia, Conference

We’re almost back to daily routine after having a wonderful DeepSec 2012. Given the feedback from speakers and attendees they loved the atmosphere at the conference and at the hotel. We are happy to hear about this and keep an open ear for further comments on your DeepSec experience. However, things can go wrong and they often will. There’s no way around this as every organisation team will confirm. Most of the problems were dealt with by our own damage control teams at the conference. There’s one issue that we wish to discuss openly. We received complaints via Twitter about the slides of the talk „Bad Things in Good Packages – Creative Exploit Delivery“ published by the speaker on Slideshare on 30 November 2012. The complaint was about the offensive portrayal of women. The

Read More

Using untrusted Network Environments

René Pfeiffer/ November 15, 2012/ Administrivia, Conference, Security

We mentioned on Twitter that DeepSec 2012 will again feature an open wireless network. This means that there will be no barriers when connecting to the Internet – no passwords, no login, no authentication and no encryption. Some of us are used to operate in untrusted environments, most others aren’t. So the tricky part is giving proper advice for all those who are not familiar with protecting their computing devices and network connections. We don’t know what your skills are, but we try to give some (hopefully) sensible hints. If you are well-versed with IT security and its tools, then you probably already know what you are doing. Nevertheless it’s a good habit to double-check. We caught one of our own sessions chairs with his crypto pants down and found a password – just

Read More

Booking Tickets for DeepSec 2012

René Pfeiffer/ September 27, 2012/ Administrivia

Regulars already know this. We use a ticket shop system for all tickets to DeepSec 2012 that can be booked online for both the conference and the workshops. We received some reports of failed bookings with various payment options, and we already informed the company responsible for the shop system. In case you encounter any errors, please report them to us via e-mail. The most important information is the time and date of your attempt (you know, logs and all that). Once we get this information we will try to figure out what the problem may be. We can also invoice you directly, but you have to tell us. Speaking of tickets, please make sure you book early. This is especially true for the trainings since some workshops are already close to being sold

Read More

DeepSec 2012 Schedule – In-Depth

René Pfeiffer/ September 19, 2012/ Administrivia, Conference

The schedule for DeepSec 2012 has now been online since August. The last two workshop slots have been filled with two superb training by McAfee/Foundstone. There are still some minor blind spots, but Your Favourite Editors work on this. We will start to describe every workshop in-depth with its own blog article, and we will do the same with every presentation. We will try to set every piece of DeepSec 2012’s content into perspective and context. We are really looking forward to the trainings and presentations of DeepSec 2012!

DeepSec 2012 Schedule

René Pfeiffer/ August 28, 2012/ Administrivia, Conference

The schedule for DeepSec 2012 is mostly stable (YMMV applies). We are still working on some content and will update the description. So this is the right time for you to take advantage of the early bird rates. We will describe every single workshop and presentation in our blog with an article because we want to give you more information on why we think the content is relevant and why you need to listen to the speaker. We have also contacted other security researchers for comments on the talks and will add their opinion and answer to the articles as well. Hope to see you all at DeepSec 2012!

A Word about Conference Conduct

René Pfeiffer/ August 7, 2012/ Administrivia, Conference, Discussion

You have probably been to conferences, and might even have seen hackers in the wild attending events. When it comes to events where IT security is discussed, everyone needs a friendly atmosphere so you can trust the people you meet. The DeepSec conference aims to be a place where these criteria are met. We want you to be able to talk to anyone about anything. Judging from the feedback we got this goal was met. We’d like to introduce a statement published on our web site to emphasise our mission. It’s a policy to express our intention to provide a friendly and safe environment for everyone talking at and attending DeepSec events (the policy covers all DeepSec activities). Before any of you jump to conclusions, let me explain why we added the policy as

Read More

How to register for DeepINTEL

René Pfeiffer/ July 10, 2012/ Administrivia

The link to the online registration for DeepINTEL tickets has been activated. We’ve added a shiny IFRAME and a direct link on the DeepINTEL site. Since DeepINTEL is a bit different from DeepSec, here are the steps to your ticket. Contact us by sending your name and your affiliation. We start the vetting process and might ask for additional information. You get the code for your ticket. You register, get your ticket and send us your itinerary so we can take care of accommodation and your arrival. That’s about all you need. We already explained that the DeepINTEL event contains information and knowledge exchange which will not be reflected in public. This is why we provide a little exercise in data loss prevention (difficulty level easy ☺). Any presentation materials provided by the speakers

Read More

DeepINTEL 2012 – Preliminary Schedule

René Pfeiffer/ July 3, 2012/ Administrivia, Schedule

This is the preliminary schedule of the first DeepINTEL seminar taking place in September 2012. We have more talks in the pipeline and the final decision won’t be long. Bear in mind that we will receive some additional information for some of the abstracts soon. The registration for DeepINTEL is online, too. If you are interested in attending DeepINTEL, please get in touch with us (you know, the vetting process and such). Please note that all further updates will be published at the main DeepINTEL web site. You will also find the speaker’s biographies there. Preventing and Detecting Mass-Malware and Advanced Threats (Tom “c-APT-ure” Ueltschi) Your organization has firewalls, network IDS/IPS, anti-virus on multiple layers, maybe even HIPS, hardening and patching done and feels pretty safe and secure. But lots of companies and organisations

Read More

DeepSec Announces DeepSec 365 Conference Track

René Pfeiffer/ April 1, 2012/ Administrivia, Conference, High Entropy

IT security has grown into a cornerstone of our modern society. We rely on data integrity, availability, and we do not wish our personal or business data to be mirrored on pastebin.com or other web sites. 2011 has been full of high-profile security-related incidents. 2012 will most certainly continue in this fashion. This cannot go on forever. Therefore we decided to address the lack of IT security conferences and boost their number considerably. Starting with 1 January 2013 we start the DeepSec 365 Conference Track – 365 DeepSec security conferences in 2013, one every day! We are currently finalising the deal with our conference venue. Even the tourism industry has acknowledged that there really is nothing besides hosting IT security events. Forget skiing, spas, clubbing, museums, sightseeing and all that, you want to see

Read More

Use Key Content for your Key Notes

René Pfeiffer/ March 21, 2012/ Administrivia, Security

There is some discussion about certain key note talks in the blogosphere and on mailing lists. Apparently there has been too much mentioning of mayhem and company ads lately. We will judge about this as soon as we have watched the video recordings of these talks. Until we have done that we’d like to point out that all our key note presentations go through the same Call for Papers mechanism as the „regular“ talks. This is true for DeepINTEL and DeepSec alike. It has also been true for all past DeepSec conferences. While we don’t mind provocative content, we still like our speakers to present high quality content. Paid content on the contrary is not always of high quality. As soon as you enter the realm of sponsored talks you’ll suddenly realise that presentations

Read More

DeepINTEL 2012 – Security Intelligence Call for Papers

René Pfeiffer/ February 17, 2012/ Administrivia, Security Intelligence

We already gave some hints on our security intelligence event we are planning for end of Summer. We now have a date and a venue: DeepINTEL will be held on September 3rd and 4th near Salzburg in Austria. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. If you have questions on this, please contact us directly via deepsec@deepsec.net or the contact information given on our web site. Here is

Read More

DeepSec 2012 – Call for Papers

René Pfeiffer/ February 10, 2012/ Administrivia, Conference

The Finux Tech Weekly episode containing an interview with MiKa and me beats our announcement of the Call for Papers by 4 hours, but here’s the text. Enjoy! DeepSec 2012 “Sector 6” – Call for Papers We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 (“Sector 6”). We invite researchers, developers, auditors and everyone else dealing with information security to submit their work. We offer slots for talks and workshops, and we encourage everyone working on projects to present their results and findings. Please visit our updated website for more details about the venue, the schedule and information about our past conferences: https://deepsec.net/ The DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and

Read More

DeepSec.net is on Strike!

René Pfeiffer/ January 18, 2012/ Administrivia, Internet

You have probably heard of the Stop Online Piracy Act (SOPA) and its chilling effects on the Internet and all its users. „The originally proposed bill would allow the U.S. Department of Justice, as well as copyright holders,to seek court orders against websites accused of enabling or facilitating copyright infringement. “ (quote taken from the Wikipedia article)  SOPA is a major security risk for it advocates to change the DNS zones for specific domains. Blocking would be done by DNS, so the bill compromises the Internet’s infrastructure. Speaking from the view of security researchers we would like to quote the white paper written by Steve Crocker and Dan Kaminsky: From an operational standpoint, a resolution failure from a nameserver subject to a court order and from a hacked nameserver would be indistinguishable. Users running

Read More

Intelligent Security and DeepSec Events in 2012

René Pfeiffer/ January 9, 2012/ Administrivia

After the Christmas break we are back and continue to plan DeepSec events for 2012. Judging from the news on Twitter and the web there’s ample demand to look behind the scenes and to question „well-established facts“ or myths. We could have skipped vacation and kept on blogging throughout Christmas and New Year’s Eve. There was the Stratfor hack, Anonymous activity, rumours about back doors in operating systems, leaked anti-virus source code and hacking military networks. 2012 starts right where 2011 left off. And we haven’t even watched most of the 28C3 videos! So we will have two major DeepSec events in 2012. There’s the DeepSec 2012 in November (we’re currently fixing the exact date) and there will be a second event in Summer. More details follow in the course of next week when

Read More