Discussion

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

Posted by on April 1, 2018 at 12:01 am

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

Metrics, Measurement, and Information Security

Posted by on March 28, 2018 at 3:00 pm

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should […]

Advanced and In-Depth Persistent Defence

Posted by on March 26, 2018 at 12:32 pm

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks is being done for thousands of years. Why should the […]

DeepSec 2018 calls for Trainings and Content – Focus Mobility

Posted by on January 31, 2018 at 2:05 pm

The DeepSec 2018 Call for Papers is open. The focus for this year is mobility. Mobile networks and mobile devices have established themselves firmly in our society. And mobility doesn’t end here. Transport is transforming into new technologies by incorporating access to data networks (yes, that’s the „Cloud“), the power grid (think electric vehicles), drones, […]

Meltdown & Spectre – Processors are Critical Infrastructure too

Posted by on January 6, 2018 at 6:04 pm

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

Notes on the ROOTS Schedule and the Conference

Posted by on November 14, 2017 at 11:35 am

We are all set for the conference on Thursday. We did some last minute changes to the schedule due to some speakers running into issues, but we can confirm almost all presentations.You may have noticed the ROOTS schedule. It’s a bit shorter than DeepSec’s, but both events are not competing. The review for ROOTS is […]

DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager

Posted by on October 2, 2017 at 8:15 am

You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it. When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are […]

DeepINTEL Conference approaches the next generation of IT Security

Posted by on August 31, 2017 at 1:39 pm

Strategic Information Security: Predicting the Present DeepINTEL Conference presents Approaches to the Next Generation of Security Many products and approaches of information security are trying hard to predict the future. There is always a lot of talk about threats of the future, detection of attacks before they arise or the magic word “pro-active”.  But the […]

Decline of the Scientific Method: New (Austrian) “Trojan” Law without Technical Expertise

Posted by on August 3, 2017 at 2:27 pm

The Crypto Wars are still raging despite everyone relying on secure communication. Everyone means everyone. The good thing is that mathematics still works, even though some people wouldn’t want it to. The latest cryptographic review comes from Amber Rudd, the current UK Home Secretary. She said recently: “Real people often prefer ease of use and […]

Unicorns in the Wild – Information Security Skills and how to achieve them

Posted by on July 27, 2017 at 12:22 pm

Everyone talks about information security, countering „cyber“ threats, endless feats of hackers gone wrong/wild, and more epic stories. Once you have realised that you are reading the news and not a script for a TV series, you are left with one question: What are information security skills? The next question will probably be: How do […]

Malicious Software explores new Business Models – Politics

Posted by on July 19, 2017 at 2:25 pm

Malicious software has become a major component of criminal business and geopolitics. In addition it is a convenient explanation for anything one does not want to investigate. Since code always come from somewhere you have to ask yourself many more questions when it comes to infected networks and compromised hosts. What is the agenda of […]

BSidesLondon 2017 – Sharing is indeed Caring

Posted by on June 20, 2017 at 12:11 pm

When airport security meets information security it’s usually BSidesLondon time. It was a great experience. And since DeepSec sponsors the Rookie Track we had a very tough decision to make. It’s really hard to pick a winner. A lot of presentations were excellent, and the presenters made the most out of the 15 minutes. The […]

Disinformation Warfare – Attribution makes you Wannacry

Posted by on May 16, 2017 at 11:31 am

After the Wannacry malware wreaked havoc in networks, ticket vending machines, companies, and hospitals the clean-up has begun. This also means that the blame game has started. The first round of blame was distributed between Microsoft and the alleged inspiration for the code. The stance on vulnerabilities of security researchers is quite clear. Weaknesses in […]

Putting the Science into Security – Infosec with Style

Posted by on January 27, 2017 at 9:00 am

The world of information security is full of publications. It’s like being in a maze of twisted little documents, all of them alike. Sometimes these works of art lack structure, deep analysis, or simply reproducibility. Others are perfectly researched, contain (a defence of) arguments, proofs of concept, and solid code or documentation to make a point. […]

The Sound of „Cyber“ of Zero Days in the Wild – don’t forget the Facts

Posted by on January 26, 2017 at 11:40 am

The information security world is full of buzzwords. This fact is partly due to the relationship with information technology. No trend goes without the right amount of acronyms and leetspeaktechnobabble. For many decades this was not a problem. A while ago the Internet entered mainstream. Everyone is online. The digital world is highly connected. Terms […]