High Entropy

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

Posted by on July 17, 2018 at 2:41 pm

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special […]

How the BND monitors Communication in Austria

Posted by on July 12, 2018 at 10:41 am

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.] How the BND monitors communication in Austria At the most important connection to the Frankfurt node DE-CIX data […]

Infrastructure Update – Privacy Shield, Call for Papers, DNSSEC, ROOTS, and Humidity

Posted by on July 11, 2018 at 10:22 pm

Our blog has been a bit silent in the past weeks, because we had to move some stuff around and rearrange our infrastructure. The old office had a problem with too much water. Leaking is for whistleblowers, not water pipes. Rain is fine if the water can get to the drains. If you take a […]

BSidesLondon 2018 Rookie Track Follow-Up

Posted by on June 8, 2018 at 12:44 pm

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is […]

Big Data Analytica – What Attackers might be after

Posted by on June 8, 2018 at 8:15 am

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the […]

DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

Posted by on May 25, 2018 at 3:40 pm

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. […]

#efail, Crypto, HTML, PDF, and other complex Topics

Posted by on May 14, 2018 at 3:27 pm

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more […]

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

Posted by on April 1, 2018 at 12:01 am

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

Metrics, Measurement, and Information Security

Posted by on March 28, 2018 at 3:00 pm

Metric is a great word. Depending how you use it, it changes its meaning. The metric of a network path is quite different from the metric system. When it comes to measuring something, the might be an agreement. Why bother? Because we have heard of the term security metrics being used for something which should […]

The Grotesqueness of the “Federal Hack” of the German Government Network

Posted by on March 19, 2018 at 1:44 pm

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience. We will follow-up on it with an article of our own about attribution, digital warfare, security intelligence, and […]

Meltdown & Spectre – Processors are Critical Infrastructure too

Posted by on January 6, 2018 at 6:04 pm

Information security researchers like to talk about and to analyse critical infrastructure. The power grid belongs to this kind of infrastructure, so does the Internet (or networks in general). Basically everything we use has components. Software developers rely on libraries. Usually you don’t want to solve a problem multiple times. Computer systems are built with […]

DeepSec 2017 Talk: How I Rob Banks – Freakyclown

Posted by on November 14, 2017 at 11:23 am

You are in for an adventure at DeepSec this year. We have a tour on robbing banks for you: A light-hearted trip through security failures both physical and electronic that have enabled me over the years to circumvent security of most of the worlds largest banks. Through the use of tales from the front line […]

Screening of “The Maze” at DeepSec 2017

Posted by on November 3, 2017 at 4:08 pm

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is […]

The only responsible Encryption is End-to-End Encryption

Posted by on October 30, 2017 at 5:02 pm

Last week the Privacy Week 2017 took place. Seven days full of workshops and presentations about privacy. This also included some security content as well. We provided some background information about the Internet of Things, data everyone of us leaks, and the assessment of backdoors in cryptography and operating systems. It’s amazing to see for […]

DeepSec 2017 Schedule Update, Review Status, Disputes, and Trainings

Posted by on September 26, 2017 at 12:53 am

The DeepSec 2017 schedule is still preliminary. We are almost done, and we have a small update. Some of you have noticed that the schedule featured a training about mobile security. The outline as shown as in the schedule was identical to a different course from a different trainer. We received a complaint, we got […]