[This is the blog version of our monthly DeepSec Scuttlebutt musings. You can subscribe to the DeepSec Scuttlebug mailing list, if you want to read the content directly in your email client.] Dear readers, the Summer temperatures are rising. The year 2023 features the highest measured temperatures in measurement history. This is no surprise. The models predicting what we see and feel now have been created in the 1970s by Exxon. So far, the model has been quite accurate. What has this to do with information security? Well, infosec also uses models for attack and defence, too. The principles of information security has stayed the same, despite the various trends. These are the building blocks of our security models. They can be adapted, but the overall principles have little changed from two-hosts-networks to the
Today the call for papers for DeepSec 2023 and DeepINTEL 2023 ends. If you have some ideas, please let us know by submitting a proposal. Since we have a lot of experience with reviewing presentation outlines. Before you create a brief description of your mind-blowing talk, please have a look at our suggestions. The title is important! Don’t go overboard with cryptic memes, insider jokes, or movie titles. Not everyone will have the knowledge of understanding what the presentation is about. Your title needs to reflect what you are talking about. You can always use subtitles or a tag line if you really want to mimic film posters. Also keep it short! The 80 letter limit is not only for Usenet veterans. Long titles are hard to memorise. Your title should not replace the
The Summer holidays may already be here, but we have something to think about over the weekend. The call for papers for both DeepSec and DeepINTEL 2023 is still open. It ends on 31 July 2023. The focus for DeepSec will be on the use of large language model algorithms (we don’t like the term artificial intelligence, because there are not cognitive functions involved in the current LLMs). How can these toys be used for offensive of defensive purposes? Can you improve existing security measures by adding LLMs? What are the dangers of these LLMs for your own digital assets? Let us know. DeepINTEL is looking for all things security intelligence. The focus is on detecting and analysing attacks. Estimating the capabilities of (y)our adversaries is also of interest. In case you have some
[This message was published via our DeepSec Scuttlebutt mailing list. The text was written by a human. This is a repost via our blog and Mastodon. Our Call for Papers for DeepSec 2023 is still running. If you have interesting content, please submit your idea.] Dear readers, the wonderful world of computer science and teaching courses has kept me busy. The scuttlebutt mailing list has the aim of having at least one letter per month. It is now the end of June, and the Summer has begun here in Vienna. The university courses have finished. The grades are ready. More projects are waiting. In information society, it is never a good idea to wait until something happens. A lot of blue teams are busy improving defences, testing configurations, and rehearsing their processes. However, there
The call for papers of DeepSec 2023 and DeepINTEL 2023 is open! You can submit your ideas for presentations and trainings via our CfP manager form. Content for DeepINTEL should be sent to use directly (but you can use the same web form, just mention what you have in mind). This year’s focus will be on the wonderful world of artificial intelligence, machine learning, and related algorithms. The GPT language models have gained notoriety in the media. All the shiny algorithms still lack cognitive skills, but they are decent simulations of communication. Big companies rush to add dumb conversation simulators to their products. What does this mean from the information security perspective? If you have found weaknesses in chat simulators or AI/ML filters, please let us know. It’s your turn to tell HAL 9000
We have been radio silent for quite a while. This is not because of the lack of content or ideas. Information security has long attained mainstream status. We all rely on software and hardware all the time. Instead, we were stuck in administrative tasks. We have found a new location for the conference. In addition, we are working behind the scenes on code updates of our web page. The call for papers manager, the functions that create the schedule and render the website have aged. Speaking of the call for papers, it is still open! We are looking for presentations about the current state of security. If you found a bug or a design flaw, let’s hear about it. There are lots of applications out there. There must be something that’s broken. CVE has
We have been busy behind the scenes, as always. The call for papers for DeepSec 2022 is open. We accept submissions for presentations and trainings. This also includes ROOTS 2022 and DeepINTEL 2022. The dates are the same as announced at the closing of DeepSec 2021. DeepSec 2022 Trainings – 15 / 16 November 2022 DeepINTEL 2022 – 16 November 2022 DeepSec 2022 / ROOTS 2022 Conference – 17 / 18 November 2022 We ask all trainers to submit proposals for trainings as early as possible. We will select submitted trainings and publish a preliminary schedule in April. Hope to see you in November!
Planning events is still challenging. The COVID-19 pandemic celebrated its first birthday. Despite efforts not to have the second birthday of the pandemic, the ever changing regulations and statues updates regarding the infections make preparations for conferences very hard. We know you want to plan as well, therefore we have an update for you. DeepSec, ROOTS, and DeepINTEL will happen on-site here in Vienna. We closely coordinate with our conference hotel. Their staff is eager to reopen. Everything depends on the rate of vaccination and the regulations issued by the European and Austrian authorities. There is not much we can influence. Given our health protection measure we worked out last year, we are well prepared to handle everything short of a total lockdown. We don’t do any forecasts at the moment. The next months
DeepSec 2021 is looking for your ideas, solutions, incident reports, insights, and expertise. The call for papers is open. You can submit your contribution via our call for papers manager online. If you have questions or want to submit additional material, please use the online form and send an email to us. DeepSec has always presented a mix of attack and defence presentations. The motto for 2021 connects both approaches. Studying how adversaries work, what tools they employ, how they plan their attack, and what they do once they get access is vital to your defence. IT infrastructure has grown over the years. Defence has a lot to take care of. If you have any ideas how to help the defenders, please let us know. Topics covering attacks should always contain some advice on
The Call for Papers of DeepSec, DeepINTEL, and ROOTS have a deadline. DeepSec and DeepINTEL have set he first deadline to 31 July 2020. We will accept submissions after this date, but everyone who submitted before the deadline will be reviewed first. Since all speakers are entitled to benefits which depend on their presence at the conference we decided to extend these offers. If you submit your presentation for the 2020 events and cannot attend, then all benefits such as entry to the conference, travel cost reimbursement, our famous speaker’s dinner, your stay at the hotel, and everything else will stay valid until DeepSec 2021. The only condition is that your content must be presented (either virtually or by proxy). The offer is valid for DeepSec and ROOTS. DeepINTEL is a special case, because
We have added another training to the schedule. Irene Michlin (IBM) will teach you about threat modelling and how to integrate threats into your software development life cycle. Further details will be published in our blog. Speaking of content – the call for papers for both DeepSec and DeepINTEL are still open. We are looking for your contribution. And then there is the inevitable update on DeepSec and the current pandemic situation. A lot of countries discuss how to proceed in terms of regulations, health protection, and logistics such as travel. We would very much link to official information on travel, accommodation, additional procedures during our event, and how DeepSec will look like in November. Sadly we cannot do this yet. The facts are that the Austrian hotels open on 29 May 2020 again.
The spread of Sars-Cov-2 keeps everyone on their toes. Given the emotional state after weeks and months of physical distancing (which we recommend; social distancing has been the norm for decades). We have closed our office in March and heavily rely on telecommunication. Fortunately we did not need to reinvent the Internet. Many of you have probably done the same. We hope that you manage to stay healthy until things can get back to “normal”. Speaking of communication and normality, there are some aspects of the current situation we like to point out. Every security conference features presentations shedding light on important tools, libraries, applications, or protocols people rely on. Humans like to communicate. The degree varies, but essentially few can do without talking, writing, hearing, or seeing stuff (i.e. messages). This is even
We are looking for presentations and trainings for the next DeepSec In-Depth Security Conference. DeepSec 2020 will explore the focus masquerade. Attribution is hard. To make matters worse for everyone connected to information security – masquerade is ubiquitously present in hardware and software. You might also call some of it disinformation, which was the world of the year 2019. Security-wise many things hide behind a façade. Disinformation is the tool of the trade these days. So DeepSec 2020 has chosen the motto “Masquerade” for this year. Tell us where the veils are, what camouflages are used, and expose the real threats! You can submit your content via our call for papers page on our web site. We have also a special email address for content submissions. You can either use cfp [at] deepsec [dot]
BSidesLondon has opened the Rookie Track registration. Submit your project ideas. Get a chance to present at an information security event. Let mentors guide you to the stage. We are pretty sure that you have something to share with us. This won’t be the last reminder. Deadlines are closer than you think, quite similar to objects in the rear view mirror. We enjoyed many Rookie presentations at BSidesLondon, and your content is valuable to the audience. The fact that seats get scarce very quickly is a good indicator that your contribution should be submitted to the Rookie Track registration before the call for presentation closes. The best two rookies will get the opportunity to travel to Vienna in November and attend DeepSec 2020. The first rookie can relax and enjoy our conference. The second
DeepSec 2020 wants to support your project. We have teamed up with partners to foster research in information security. We already support the BSidesLondon Rookie Track, support the Reversing and Offensive-oriented Trends Symposium (ROOTS), publish the DeepSec Chronicles, and support individuals in their research. Now we want to go one step further. Purpose: To encourage research by young professionals and academics on new and emerging cyber security issues, information security, new ways to use technology, defence, offence, and weaknesses in hardware/software/designs. Suggested Topics: Vulnerabilities in mobile devices, vulnerabilities in the Internet of Things (IoT), advances in polymorphic code, software attacks on hardware wallets, side channel attacks, hacking industrial control systems and smart cities, quantum and post quantum computing, penetration testing – defining what it means and standardization, and related topics. Let your creativity run