Conference Network Survival Guide for DeepSec 2011

René Pfeiffer/ November 8, 2011/ Administrivia

For all of you who frequently visit „hacking hot spots“ this should be familiar. For all others who blindly trust the Net it should be a wake-up call. Here’s a short and probably incomplete check-list in case you are preparing for DeepSec 2011 or any other event with public Internet access (the CCC has a more complete list on their event web site). Secure your operating system (vendor and type doesn’t matter). Back up your data. Do run a firewall or a similar filter on your device (vendor and type doesn’t matter). The hostile network starts right at your antenna or Ethernet jack (again regardless of vendor and layer 1 technology). Try to use a VPN tunnel to a trusted network (such as your company or home network). Tunnel all traffic through your VPN

Encrypted Communication with DeepSec

René Pfeiffer/ September 4, 2011/ Administrivia

For all of you who do not pay close attention to our contact section on our web site, we offer various ways to communicate via encrypted messages. We have published two GPG keys, one for our role account (key 0x22860969) and one for a person from our organisation team (key 0x6E4037AF). Use PGP/MIME format if possible (ASCII armour is so old school ☺). We have set up an e-mail forwarding service via privacybox.de. You can use a standard web form, a form suited for mobile clients and a form reachable via a TOR hidden service. While we have no idea how privacybox.de handles their own security, it’s a nice service. You can always double- or triple-encrypt if in doubt. When on IRC (channel #deepsec on irc.freenode.net, usually most active prior to and shortly after

Preliminary Schedule of DeepSec 2011 published

René Pfeiffer/ August 19, 2011/ Administrivia, Conference

Finally we have reviewed all your submissions, and we have published a preliminary schedule on our web site. We have not filled all workshop slots, because some of the workshop submissions are still under review and some submitters have been asked for further material. We wish to express our deepest thanks for your submissions! We received much more than we can possibly squeeze into the conference schedule, most of the material being absolutely new and of high interest. We had a hard time rejecting talks, so don’t be sad if you couldn’t make it this time. So, to everyone whose submission was rejected: We will contact you again. The topics range from encryption, attacking mobile devices, IT compliance management, SAP weaknesses (yes, SAP deployments can be attacked, really), cyber-peace (we’re curious as well), insights

Evaluating your CfP submissions for DeepSec 2010

René Pfeiffer/ July 31, 2011/ Administrivia

We’ve been busy attending the 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen in the past days, so we will not comment on the submissions for DeepSec 2011 immediately. Gathering from the summaries and descriptions so far we are very impressed. DeepSec 2011 will feature some serious talks and new content. Thanks for taking your time and considering holding a talk at our conference! We will need some time to sort through all submissions and rank them. We may come back to you for questions, but you will get a notice on the state of your submission as soon as possible. Stay tuned! In case you want to submit a talk late, please drop it into our mailbox or use the Call for Papers manager. You will be ranked after the submission that we

Last Call for DeepSec 2011 – Reminder – Call for Papers!

René Pfeiffer/ July 17, 2011/ Administrivia, Conference

Come on, get your submissions in order and send them to us! The past weeks were full of vulnerabilities and exploits in action, and they illustrated security very well. Let’s recall what we are looking for: mobile computing and communications (the protocols and the gadgets); IPv6 (again protocols and the gadgets); security management and IT governance (a.k.a. “The Big Picture”); cloud computing and virtualisation (a.k.a. infrastructure 2.0); security intelligence (few have it); psychological aspects of security (social engineering, usable security, …); topics that have a high impact on IT security (or your/our life in general); design flaws (“defective by design”, the bugs are out there…). We’re looking for workshops, talks and submissions from young talents (U21). Updates and reviews are welcome provided they are still a threat (the web never gets boring for example). New uses

Reminder – Call for Papers DeepSec 2011 – deadline approaching

René Pfeiffer/ June 30, 2011/ Administrivia, Conference

In case you have not yet prepared a submission for DeepSec 2011, please consider doing so. The deadline is approaching! We have already received submissions, but we have a hard time believing that everything is secure out there. That can’t be, you know it, and we know it. Submit your in-depth talks and workshops, give our programme committee some work to do, and maybe we can even have some in-depth lulz, who knows. Speaking of security and design flaws, don’t forget the ubiquitous web interfaces. Everyone and everything has a web interface – your bank, your government, your routers, your servers, your average smart meter (measuring electricity/water/gas consumption), your printers, your household appliances, your TV set, your video/audio player and possibly a lot of devices you are unaware of. Of course, feel free

Some Slides from DeepSec 2009

René Pfeiffer/ June 24, 2011/ Administrivia, Conference

Some of you might have already noticed the videos from the DeepSec 2009 conference on Vimeo. Sadly we don’t have all the slides for all talks, but here are some documents from our archive: #TwitterRisks: Bot C&C, Data Loss, Intel Collection & More by Ben Feinstein – Slides; Dynamic Binary Instrumentation for Deobfuscation and Unpacking by Daniel Reynaud and Jean-Yves Marion – Slides; Windows Secure Kernel Development by Fermin J. Serna – Slides; Stoned déjà vu – again by Peter Kleissner – Slides; Key Management Death Match? Competing KM Standards Technical Deep Dive by Marc Massar – Slides; USB Device Drivers: A Stepping Stone into your Kernel by Moritz Jodeit and Martin Johns – Slides; eKimono: Detecting Rootkits inside Virtual Machine by Nguyen Anh Quynh – Slides; Ownage 2.0 by Saumil Shah – Slides

DeepSec 2011 Focus: Usable Security

René Pfeiffer/ June 13, 2011/ Administrivia, Conference

A few days ago we uploaded the keynote speech held by Matt Watchinski at DeepSec 2009. The title was: „Technology Won’t Save You, Only People Will“. This statement can be turned into the opposite: Technology won’t threaten you, people will. We’re not talking about threats from insiders turned rogue. We are talking about holes in your defence because of badly configured or mishandled security devices and software. This has nothing to do with being the Bastard Operator from Hell and putting the blame on the users or colleagues. A modern company infrastructure has to deal with a lot of complexity all by itself. Adding security won’t reduce this complexity. Adding badly designed user interfaces (for security devices and options), confusing status/error messages and hardly comprehensible settings will most certainly increase the risk of security incidents.

Registration for DeepSec 2011 is now open!

René Pfeiffer/ June 1, 2011/ Administrivia, Conference

The registration for DeepSec 2011 is now officially open. You can register for the conference, workshops or both. We offer three booking phases: Early Bird, Regular and Last Minute. Please keep in mind that the Early Bird tickets are the cheapest. The longer you wait, the more you have to pay. Since the Call for Papers is still running, the workshop slots are empty, but you can buy workshop or conference+workshop tickets now and decide which workshop you want later (when we publish the schedule). If you have any questions, drop us a few lines.

DeepSec Conference Videos

René Pfeiffer/ May 27, 2011/ Administrivia, Conference

Finally we found some time to sort through the video recording legacy of past DeepSec conferences. We’ve been asked for video material repeatedly since we record all talks held at DeepSec (except those where the speaker does not want to be published on video). Let me explain what the state of our video archive is. All video recordings were done by different teams consisting of video professionals, volunteers from Metalab and students of the St. Pölten University of Applied Sciences. We used different camera equipment, sound feeds due to changes with the audio system on-site and various storage media because of different digital cameras on-site. The videos of DeepSec 2007 are on Google Video since June 2008. We have re-added them to our internal archive, and we noticed that killab66661 has added the videos

DeepSec 2011 Focus: Security Management and IT Governance

René Pfeiffer/ May 23, 2011/ Administrivia, Conference

Have you lost track of the risks that may or may not impact your security? How good are the facts you base your security decisions on? Does your organisation follow defined procedures in terms of deploying, monitoring or evaluating security measures? Who decides what’s next and what’s being phased out? Is there a way to get more sleep while fencing off risk factors at the same time? It’s very easy to get lost in the details and drown in the various tools of the security trade. Every day something happens. A single 0day can ruin your meticulously designed schedule. It would be nice to get a grip on the dynamics and introduce more stability. CIOs need to address the Big Picture. That’s exactly why we mentioned security management in our CfP. We’d like to

DeepSec 2011 Focus: IPv6 and Next Generation Networks

René Pfeiffer/ May 13, 2011/ Administrivia, Conference

Since 3 February 2011 the IPv4 pool has been officially and fully depleted. „Peak IPv4“ was a long time ago. IANA can no longer hand out any IPv4 address space. Everyone who needs more address space will be forced to look to IPv6. What about security? Are there any benefits? Has IPv6 eliminated all the weaknesses known with IPv4? Those who attended DeepSec 2010 already know the answers to these questions. Marc Heuse conducted a workshop and held a talk about IPv6 security. There’s no doubt that IPv6 is coming to town. Due to tunnels some networks even have IPv6 connectivity, some without even knowing. Setting up a tunnel with a router in your local network is easy. The router will announce itself to local nodes which will in turn automatically grab addresses and

DeepSec 2011 – Call for Papers opened!

René Pfeiffer/ April 15, 2011/ Administrivia, Conference

For the fifth time the DeepSec In-Depth Security Conference invites security researchers and professionals to submit suggestions for talks and workshops for our conference which will take place in November 2011 in Vienna. Please visit our updated website for more details about the venue, the schedule and information about our past conferences. We’re currently migrating the old content and collecting the data from the old server in order to present archives of the past conference web sites. DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and philosophy. Our speakers and trainers traditionally come from the security community, companies, hacker spaces and academic organisations. We’ve updated the CfP, and you can submit content for three categories: Talks for

BSidesVienna: Call For Papers

René Pfeiffer/ April 5, 2011/ Administrivia, Conference

In the wake of the 23rd annual FIRST conference there will be a B-Sides Vienna event together with the NinjaCon 11, 3rd edition. The B-Sides Vienna will be on June 18th, as will be the NinjaCon 11. The Call For Papers is now open and we ask you to submit your material! At B-Sides Vienna aka NinjaCon 11, we’re looking forward to seeing a selection of trainings, hands-on workshops, 50-minute presentations and 15-minute lightning talks. As we understand ourselves as an open, international event, the official conference language for all talks, trainings and workshops (as well as submitted abstracts), as always, is English. Topics of interest include (but are in no way limited to) the following: Information technology, network security, web application security, virtualisation and cloud computing, innovative attack strategies, forensics, embedded devices, physical

DeepSec 2011 – Call for Papers out soon

René Pfeiffer/ March 14, 2011/ Administrivia, Conference

We’re currently working on the Call for Papers for DeepSec 2011. The conference will take place from 15 to 18 November 2011, so you might want to save this date and mark it in your calendar. Mobile gadgets, the wonderful world of app stores filled with mal- and software, infrastructure and information war(rez)fare are at the top of the list of Things To Watch Out For™. We will sum up what we’re after in the CfP published on our new web site.