Discussion

Translated RadioFM4 Article: Hype about “Chinese Espionage Chips” stems from the Pentagon

Posted by on October 16, 2018 at 11:55 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience, because the author raises some important questions.] In the FM4 fact check the sensational report by the business […]

Translated Press Release: Systemic Errors as Vulnerabilities – Backdoors and Trojan Horses

Posted by on October 9, 2018 at 9:01 pm

DeepSec and Privacy Week highlight consequences of backdoors in IT Vienna (pts009/09.10.2018/09:15) – Ever since the first messages were sent, people try to intercept them. Today, our modern communication society writes more small, digital notes than one can read along. Everything is protected with methods of mathematics – encryption is omnipresent on the Internet. The […]

DeepSec 2018 Talk: Left of Boom – Brian Contos

Posted by on September 13, 2018 at 8:45 am

By Brian Contos, CISO of Verodin: “The idea for my presentation “Left of Boom” was based on conversations I was having with some of my co-workers at Verodin. Many people on our team are former military and some served in Iraq and Afghanistan where they engaged in anti-IED (Improvised Explosive Device) missions. During these conversations […]

DeepSec 2018 Talk: Can not See the Wood for the Trees – Too Many Security Standards for Automation Industry – Frank Ackermann

Posted by on September 4, 2018 at 9:05 am

“Plant operators and manufacturers are currently faced with many challenges in the field of automation.”, says Frank Ackermann. “Issues such as digitization, Industry 4.0, legal requirements or complex business processes that connect IT and OT are paramount. Related security problems and risks need to be addressed promptly and lastingly. Existing and newly created industry security […]

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

Posted by on July 17, 2018 at 2:41 pm

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special […]

Thoughts on the Information Security Skill Set

Posted by on July 13, 2018 at 5:55 pm

As mentioned in an earlier blog article we moved our office infrastructure to a new location. Once you use a space for more than a decade things inevitably pile up. So I had to sort through hardware, software (on optical storage hardware and floppy disks), lecture notes from a previous life, ancient project documentation, and […]

BSidesLondon 2018 Rookie Track Follow-Up

Posted by on June 8, 2018 at 12:44 pm

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is […]

Big Data Analytica – What Attackers might be after

Posted by on June 8, 2018 at 8:15 am

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the […]

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

Posted by on April 1, 2018 at 12:01 am

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

Metrics, Measurement, and Information Security

Posted by on March 28, 2018 at 3:00 pm

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should […]

Advanced and In-Depth Persistent Defence

Posted by on March 26, 2018 at 12:32 pm

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks is being done for thousands of years. Why should the […]

DeepSec 2018 calls for Trainings and Content – Focus Mobility

Posted by on January 31, 2018 at 2:05 pm

The DeepSec 2018 Call for Papers is open. The focus for this year is mobility. Mobile networks and mobile devices have established themselves firmly in our society. And mobility doesn’t end here. Transport is transforming into new technologies by incorporating access to data networks (yes, that’s the „Cloud“), the power grid (think electric vehicles), drones, […]

Meltdown & Spectre – Processors are Critical Infrastructure too

Posted by on January 6, 2018 at 6:04 pm

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

Notes on the ROOTS Schedule and the Conference

Posted by on November 14, 2017 at 11:35 am

We are all set for the conference on Thursday. We did some last minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations.You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but both events are not competing. The review for ROOTS is […]

DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager

Posted by on October 2, 2017 at 8:15 am

You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it. When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are […]