0411, 2023

DeepSec on Air – Live on Radio Orange, 1000 (CEST), 6 November 2023

René Pfeiffer/ November 4, 2023/ Communication, Conference/ 0 comments

We do not maintain a podcast or a video streaming channel. It’s hard to keep up with writing texts. On Monday, 6 November 2023, at 1000 (CEST) there will be a live broadcast. We will talk about the upcoming DeepSec and DeepINTEL events, the topics on the DeepSec schedule, and many more aspects. If you can spare an hour of your time, you can listen to us. The conversation will be in German, though. Maybe some stochastic parrot with a filter can produce a transcript later. The show announcement can be found on the Radio Orange web site. For the sake of convenience, here is a quote: 14. bis 17. November findet die DeepSec 2023 statt, am 15. folgt die DeepINTEL, dazwischen treibt der Third-Person-Track sein Wesen. Vier Tage, an denen im Rahmen von

Read More

3107, 2023

Helpful Hints for writing Presentations

René Pfeiffer/ July 31, 2023/ Call for Papers, Communication, Conference/ 0 comments

Today the call for papers for DeepSec 2023 and DeepINTEL 2023 ends. If you have some ideas, please let us know by submitting a proposal. Since we have a lot of experience with reviewing presentation outlines. Before you create a brief description of your mind-blowing talk, please have a look at our suggestions. The title is important! Don’t go overboard with cryptic memes, insider jokes, or movie titles. Not everyone will have the knowledge of understanding what the presentation is about. Your title needs to reflect what you are talking about. You can always use subtitles or a tag line if you really want to mimic film posters. Also keep it short! The 80 letter limit is not only for Usenet veterans. Long titles are hard to memorise. Your title should not replace the

Read More

0707, 2023

Reminder – Call for Papers DeepSec and DeepINTEL 2023

René Pfeiffer/ July 7, 2023/ Call for Papers, Communication/ 0 comments

The Summer holidays may already be here, but we have something to think about over the weekend. The call for papers for both DeepSec and DeepINTEL 2023 is still open. It ends on 31 July 2023. The focus for DeepSec will be on the use of large language model algorithms (we don’t like the term artificial intelligence, because there are not cognitive functions involved in the current LLMs). How can these toys be used for offensive of defensive purposes? Can you improve existing security measures by adding LLMs? What are the dangers of these LLMs for your own digital assets? Let us know. DeepINTEL is looking for all things security intelligence. The focus is on detecting and analysing attacks. Estimating the capabilities of (y)our adversaries is also of interest. In case you have some

Read More

1304, 2023

No more automatic Updates for our Twitter Account

René Pfeiffer/ April 13, 2023/ Administrivia, Communication

There will be no more automatic updates on our Twitter account. The synchronisation between our blog and Twitter has been deactivated. The reason is the erratic course Twitter is on. All social media platform benefit from their users and the content that these platforms receive free of charge. We do not want to contribute to a forum any longer that doesn’t respect the efforts of journalists working on fact-based articles. There are a lot more reasons for stopping to use Twitter as a publication platform. Our motivation was the article titled „Danke für den Fisch!“ (translated “Thanks for the fish!”) by Michael Seemann, a German journalist. The article is in German, so you probably need to translate it. Michael explains some strong points for leaving Twitter. Synchronised content and more news about DeepSec and

Read More

0902, 2023

Call for Papers Preparations, Social Media, and other Updates

René Pfeiffer/ February 9, 2023/ Administrivia, Communication, DeepIntel

Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).

Read More

2112, 2022

Translated Article: Russia’s Satellite Spy Station in Vienna with Technology from NATO Suppliers.

Sanna/ December 21, 2022/ Communication, Stories

Russlands Sat-Spionagestation in Wien mit Technik von NATO-Lieferanten by Erich Moechel for fm4.ORF.at [Nobody can hide from geopolitics, neither hacker, nor governments, or even satellite antennas. Erich is a passionate ham radio operator and investigative journalist. He inspected OSINT sources and wrote a summary about an installation in Vienna run by the Russian Federation. If you are interested in wireless technology, then this article is for you.] All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contracting company of NATO and the Pentagon, SMW likewise primarily supplies military. An analysis of high-resolution photos of the antennas on the roof of Russia’s UN embassy in Vienna’s 22nd district has revealed something astonishing. Most of the receiver modules of the most powerful antennas come

Read More

0306, 2019

Translated Article: EU Prosecutors call for Security Holes in 5G Standards

Sanna/ June 3, 2019/ Communication, Discussion, High Entropy, Security

EU-Strafverfolger fordern Sicherheitslücken in 5G-Standards for fm4 by Erich Moechel The telecoms are to be forced to align the technical design of their 5G networks with the monitoring needs of the police authorities. In addition, security holes in the 5G protocols are required to enable monitoring by IMSI catchers. Gilles de Kerchove, EU counter-terrorism coordinator, warns against the planned security standards for the new 5G mobile networks. The reason for this are neither network components of the Chinese manufacturer Huawei, nor technical defects. De Kerchove’s warnings are directed against the planned high degree of network security, according to an internal document of the EU Council of Ministers, available to ORF.at. These measures to protect against criminals as well as the planned 5G network architecture stand in the way of the installation of backdoors for

Read More

0304, 2019

BSidesLondon Rookie Track – Personalities, Stories, Presentations

René Pfeiffer/ April 3, 2019/ Communication, Conference

In past articles we have written about the BSidesLondon Rookie Track. We also spread to call for mentors a while ago. Let’s talk about the people who will present at the Rookie Track and who haven’t spoken at conferences yet. While there exist a lot of helpful advice out there on how to speak, how to prepare, how to structure your presentation, there is one thing that can’t be created from scratch – your personality. It defines a lot of what you will be doing on the stage. It will also be a key component of your talk, so you should spend some time to think about this important factor. Social media, blogs, and discussions sometimes mention the term infosec rock star. This label carries a lot of different meanings. More often than not

Read More

0610, 2017

DeepSec 2017 Talk: Insecurity In Information Technology – Tanya Janca

Sanna/ October 6, 2017/ Communication, Conference, Security

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced situation, coupled with short deadlines and mounting pressure from management, often leads to stress, anxiety and less-than-ideal reactions from developers and security people alike. In this talk Tanya Janca will explain how people’s personal insecurities can be brought out by leadership decisions in the way we manage our application security programs, and how this can lead to real-life vulnerabilities in software and other IT products.  This is not a soft talk about “feelings”, this is a talk about creating

Read More

2101, 2017

Putting the Context into the Crypto of Secure Messengers

René Pfeiffer/ January 21, 2017/ Communication, Discussion, Internet

Every once in a while the world of encrypted/secure/authenticated messaging hits the wall of usability. In the case for email Pretty Good Privacy (PGP) is an ancient piece of software. These days we have modern tools such as GnuPG, but the concept of creating keys, verifying identities (i.e. determining who is to trust), synchronising trust/keys with communication partners, and handling the software in case something goes wrong is quite a challenge. Plus things might change. People revoke their keys, devices get lost, data gets deleted, people create new keys or even (digital) identities, or do lots of things that is either anticipated by the software developers or not. Communication is not static. There are moving parts involved, especially the communication partners might move a lot. So crypto is hard, we know this. Discussing secure

Read More

1407, 2016

The Internet of Threats revisited

René Pfeiffer/ July 14, 2016/ Communication, High Entropy, Internet

Everyone is talking about the Internet of Things. Connecting household applications (yes, applications, appliances is so 1990s) to a network hasn’t been more fun than now. Also measuring things is great. Today most sensors are deployed to generate endless streams of data because we can, not because there is a need for it. And I haven’t even talked about the information security aspect yet. Let’s take a step back into 1995/1996. Those were the days of the first browser wars. Jamie Zawinski has a quote of the Law of Software Envelopment on his web site. Every program attempts to expand until it can read mail. Those programs which cannot so expand are replaced by ones which can. The proof of concept was undertaken by creating the Netscape Mail and News client. Processing email once

Read More

0303, 2016

DeepSec Video: Visualizing Wi-Fi Packets the Hacker’s Way

René Pfeiffer/ March 3, 2016/ Communication, Conference, Security, Stories

Like the Force wireless data/infrastructure packets are all around us. Both have a light and a dark side. It all depends on your intentions. Lacking the midi-chlorians we have to rely on other sources to get a picture of the wireless forces in and around the (network) perimeter. At DeepSec 2015 Milan Gabor held a presentation about visualisation of wi-fi packets: Today visualizing Wi-Fi traffic is more or less limited to console windows and analyze different logs from an aircrack-ng toolset. There are some commercial tools, but if we want to stay in the Open/Free Source Code (FOSS) area we need to find better solutions. So we used ELK stack to gather, hold, index and visualize data and a modified version of an airodump tool for input. With this you can create amazing dashboards,

Read More

1811, 2015

Terrorism – No Time for Backdoors

René Pfeiffer/ November 18, 2015/ Communication, Discussion, High Entropy, Security

Every successful project needs proper planning and a good project management. You know this from your business life, probably. Projects can’t be done without tools for communication. We all use these day by day. Email, telephone, collaboration platforms, social media, instant messengers, and more software is readily available. Access to communication tools has spread. Exchanging messages has also evolved a lot since the 1990s. Given the diversity of the Internet, messages are now encrypted (hopefully). It is a very basic defence against any third parties, or Eve, both being unable to eavesdrop on the conversation. Especially when you do business and talk money, encryption is your closest friend. Why else would you meet indoors and control the access of persons to your office space? Why not discuss business internals while riding public transport? Some

Read More

0202, 2015

Encrypted Messaging, Secure by Design – RedPhone and TextSecure for iOS

René Pfeiffer/ February 2, 2015/ Communication, Security

Encrypted communication is periodically in the news. A few weeks ago politicians asked companies and individuals all over the world to break the design of all secure communication. Demanding less security in an age where digital threats are increasing is a tremendously bad idea. Cryptographic algorithms are a basic component of information security. Encryption is used to protect data while being transported or stored on devices. Strong authentication is a part of this as well. If you don’t know who or what talks to you, then you are easy prey for frauds. Should you be interested in ways to improve the security of your messaging and phone calls, we recommend watching the presentation of Dr. Christine Corbett Moran. She is the lead developer of the iOS team at Open WhisperSystems. She talks about bringing

Read More

0201, 2014

Applied Crypto Hardening (ACH) Project

René Pfeiffer/ January 2, 2014/ Communication, Security

DeepSec 2013 featured a talk about the Applied Crypto Hardening (ACH) project. In the wake of the discussion about attacks on cryptography itself and implementations of cryptographic standards almost every aspect of encrypted communication needs to be reviewed. Since system administrators, developers, and other IT staff usually has not the same expertise as crypto experts, the ACH project was formed. Its goal is to compile a reference for the best practice configuration of systems that use cryptographic components. The ACH guide covers SSL/TLS, virtual private network (VPN), algorithms, key sizes, (pseudo) random generators, and more. The advice is targeted at everyone seeking to improve the cryptographic capabilities of software and appliances. Hardening crypto is part of the basic security measures everyone should take care of. It needs to become a habit, just like everything

Read More