DeepSec 2023 ended a week ago, and it was amazing! We shout out a big thanks to all the speakers and all the attendees that made the conference memorable! Usually there is a period of several days after the conference where you hear nothing from us. We are not hibernating; we are in full post-production mode. Office life has caught up. The video material is currently being prepared for upload. Everyone who attended the conference will get early access to the presentations. Bear with us. We will send a notification once everything is ready. For everyone who missed the closing presentation, here are the dates for our events in 2024. Open your calendar, mark the dates. Also, do not forget to book early! We have a limit because of the conference venue safety regulations.
The call for papers of DeepSec 2023 and DeepINTEL 2023 is open! You can submit your ideas for presentations and trainings via our CfP manager form. Content for DeepINTEL should be sent to use directly (but you can use the same web form, just mention what you have in mind). This year’s focus will be on the wonderful world of artificial intelligence, machine learning, and related algorithms. The GPT language models have gained notoriety in the media. All the shiny algorithms still lack cognitive skills, but they are decent simulations of communication. Big companies rush to add dumb conversation simulators to their products. What does this mean from the information security perspective? If you have found weaknesses in chat simulators or AI/ML filters, please let us know. It’s your turn to tell HAL 9000
Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).
We are a bit late with the summaries from our event. Let’s start with some public information from DeepINTEL 2022. The conference is a closed event where security experts can openly discuss updates on threats, capabilities of potential adversaries, and all kinds of intelligence information related to information security. Steph Shample, an expert from the Middle East Institute (MEI), gave an update on Iran’s capabilities in past and present APT, cybercrime, ransomware, and cryptocurrency. The connections of Iran with China and Russia were discussed, too. Given the invasion of Ukraine, Russia is trying to get support for its digital operations. Mohammed Soliman, also from the Middle East Institute, presented his research on the technology containment strategy by the US administration. The stance regarding 5G serves as a blueprint. It is important to emphasise that
We often abuse the term big picture as an analogy for a better perspective on things. With security intelligence, this is true. The DeepINTEL conference covers the strategic aspects of IT security, analyses the capabilities of potential (and actual) adversaries, and helps to bridge the gap between individual experiences of security researchers and targets. DeepINTEL 2022 has started. Topic-wise advanced persistent threats, the current geopolitical situation, psychological warfare with digital means, and techniques of malicious software in attacks are the primary focus. Selected aspects will be published in articles on this blog after the conference, because the DeepINTEL is a TLP:AMBER event.
DeepSec 2021 Press Release: Organized Espionage on Digital Devices. DeepSec Conference Warns: Searching for “Forbidden” Data on Clients Compromises Information Security.
A basic principle of information security is access control. We are all used to the fact that data is only available to people and systems with the right authorizations. The discussion about the search for prohibited image files on Apple systems sparked the discussion about the so-called Client-Side Scanning (CSS) technology. Searching for specific content past access restrictions has always been an appealing shortcut. It is now clear that CSS leads to serious problems that endanger the basis of information security and do not bring the hoped-for benefits. Instead, there are additional security loopholes. Search of end devices Lately, the EU Commission and law enforcement authorities have repeatedly addressed the issue of circumventing secure encryption. In mathematical terms, we cannot carry strong encryption out without stored duplicate keys or deliberately weakening the technologies used.
IT security has a lot of catching up to do, digitization is on an insecure foundation. The COVID-19 pandemic will celebrate its second birthday next year. Our everyday life has become more dependent on digital tools and platforms. If you want to rely on the convenience of the digital world, data and communication must not be threatened by weak points. Unfortunately, this is not the case, which is why the annual DeepSec IT security conference will again address threats for companies and authorities this year. Expectations Digitization is largely viewed uncritically as a metaphorical bringer of salvation. It should make work easier, make information more accessible, reduce administration and, in principle, solve or at least reduce problems in every area. The term Artificial Intelligence is often used when promoting the future. In the key
DeepSec 2021 Press Release: Surveillance as Organized Crime – DeepSec Conference Criticizes Pegasus Spy Software as a legal Vacuum
The information published by the Pegasus Project consortium on the systematic abuse of this monitoring software for smartphones clearly shows that rampant surveillance can hardly be distinguished from organized crime. Security experts are increasingly warning against the hoarding of unknown security vulnerabilities by companies that develop espionage products. Information security for society, authorities and the economy are incompatible with the existence of such tools. In addition, they represent a threat to the national security of every country. We can only maintain a real locational advantage for Europe through consistent IT security. Battle for Communication Content Since the first discussions about the availability of strong encryption for private individuals and companies, the security of digital communication has been hotly contested. In the 1990s, the US government wanted to enshrine access to messages and calls from
Press Release: Germany Stipulates Security Gaps by Law – DeepSec Conference Warns: Legal Anchoring of the State Trojans Destroys the Security of the Infrastructure.
People on business trips are accustomed to take precautions against untrustworthy Internet access. Employees have been equipped with Virtual Private Network (VPN) technology in order to have secure access to company resources and internal systems. VPNs are also often used to circumvent the insecurity of the so-called last mile, i.e. the connection between your own computer and the actual systems on the Internet. The law, which was passed in the German Bundestag on June 10th, creates opportunities for the use of so-called State Trojans (term literally translated from the German Staatstrojaner, meaning a malicious piece of software provided and used by authorities). This institutionalizes security gaps so that state Trojans can be installed on end systems. The safe home office is a thing of the past. Comprehensive surveillance through digital intrusions The alterations to
Planning events is still challenging. The COVID-19 pandemic celebrated its first birthday. Despite efforts not to have the second birthday of the pandemic, the ever changing regulations and statues updates regarding the infections make preparations for conferences very hard. We know you want to plan as well, therefore we have an update for you. DeepSec, ROOTS, and DeepINTEL will happen on-site here in Vienna. We closely coordinate with our conference hotel. Their staff is eager to reopen. Everything depends on the rate of vaccination and the regulations issued by the European and Austrian authorities. There is not much we can influence. Given our health protection measure we worked out last year, we are well prepared to handle everything short of a total lockdown. We don’t do any forecasts at the moment. The next months
DeepSec Press Release: DeepSec and DeepINTEL 2020 as a hybrid conference. IT security in unusual times – events enable virtual access.
There’s nothing like “business as usual” in information security. Vulnerabilities in software, malware, campaigns to attack companies and organizations as well as defending your own infrastructure know no break. In recent months, digital networking has been put to the test as the most important pillar of society and working life. It is often forgotten that not every chic app, every portal and digital trend is trustworthy. For security reasons the annual DeepSec and DeepINTEL conferences will run as a hybrid event. Virtual lectures and face-to-face presentations will be equally accessible to all participants and speakers. Digital protection has never been more important Digitization is quickly pronounced. Software is even faster labelled as secure. Unfortunately, the last few decades of security research have shown that weak points can only be reduced through consistent secure design
DeepSec 2020 Press Release: Digital information security has human weaknesses – DeepINTEL Security Intelligence Conference discusses strategic IT security in Vienna.
In the last few decades, everyday professional and private life has been increasingly permeated by modern technologies and networked communication. In addition to many conveniences, this has also created difficult challenges for information security. Therefore more and more complex technical solutions are celebrated at many security conferences. The problem with the problems that are to be solved in this way: The human factor and its weak points, which can do totally without digitization. The DeepINTEL conference therefore deals with the interrelationships and strategic background of information security in order to minimize threats and improve protection in the long term. Errors in the System are part of the Foundation Reports of data leaks and spectacular break-ins appear in the news again and again. Unfortunately, only the results are shown. Of course, the search for clues
Reading the calendar gets difficult given the many places people – including us – post dates. Furthermore, we have a habit of not detecting typos and not putting our dates in proper variables and rendering them out to the web consistently. So we create a little jump page called DeepSec Events. On this web site you will find all the most important facts about everything DeepSec. Our graphic designer went a bit overboard, but we hope the design is pleasing to your eyes.
Running an event is a highly dynamic operation. This is especially true for (information security) conferences, even more so for trainings. We have seen our share of sad faces when the training of your choice didn’t happen, because people booked the ticket too late. In order to avoid great disappointments, the ticket shops for DeepSec and DeepINTEL are now open. Spread the word! And put some SDL into your tickets – book early, book often!
We took some time off to deal with the administrative side of running the DeepSec conference. Additionally some of us were engaged in project work. 2020 started early this time. There is a lot to do behind the scenes, especially in times where reading the news doesn’t help you to navigate the rest of the year. We also finished the travel plans for the year, so we will have some information where and when to connect to DeepSec. The most important information for you: There will be a DeepSec & DeepINTEL conference in 2020. There will also be a Reversing and Offensive-oriented Trends Symposium (ROOTS) again in 2020. The call for papers are in preparation and will open in two weeks. The dates are as follows: DeepSec Trainings 17/18 November 2020 DeepINTEL Conference 18