DeepSec conference focuses on everyday devices as a risk for corporate IT. Attacks on the digital infrastructure of companies, authorities and organizations are often staged as a cinema spectacle in the reporting. Unfortunately the opposite is the case. A burglary in digital infrastructure happens without any broken glass or smashed doors. Attackers can only be successful if superficially everything continues as before. They don’t come through the windows or the underground car park, but via everyday applications on the desktop or smartphone. This year’s DeepSec security conference is therefore trying to sharpen the view on everyday life in the office and at the workplace. Two-day training sessions are offered focusing on workplace hazards, as well as two days of lectures to bring you up to speed. War for the desktop and personal devices Few
DeepSec security conference warns of the growing market for spy tools. Information technology has gained a new acronym: Private-Sector Offensive Actor (PSOA). PSOA means something like a private-sector offensive opponent. The specific case of a PSOA has also reached Austria because of research by Microsoft®. An Austrian company is accused of being involved in digital attacks on Microsoft® customers in Europe and Central America. The case illustrates that spyware continues to be developed and used as a dangerous threat to information security. The DeepSec security conference taking place in November repeatedly warns against such technology and will deal specifically with the details of industrial espionage. Threatening security as a business model Bypassing security measures is a lucrative business model. Companies are active in this field all over the world. Some buy knowledge of security
DeepSec security conference reminds you of basic IT protection and secure system architecture. Malware attacks that encrypt data of victims seem to have increased recently. In fact, these ransomware attacks are only part of an evolution among the attackers. Attack software moves with the times. An important reason for the accumulation is the standstill in defense. This year’s DeepSec security conference offers exchange with experts and high-quality further training for protecting your own IT. Basic Misunderstandings Comparing the reports of incidents involving ransomware attacks, one might conclude that these are inevitable natural events. Of course, that’s not the case. If one sticks to the biological analogy of the virus, a favorable combination of prerequisites for the infestation of ransomware results. In the beginning, there is always a deception in the form of a fake
DeepSec 2021 Press Release: Organized Espionage on Digital Devices. DeepSec Conference Warns: Searching for “Forbidden” Data on Clients Compromises Information Security.
A basic principle of information security is access control. We are all used to the fact that data is only available to people and systems with the right authorizations. The debate about the search for prohibited image files on Apple systems sparked the discussion about the so-called Client-Side Scanning (CSS) technology. Searching for specific content past access restrictions has always been an appealing shortcut. It is now clear that CSS leads to serious problems that endanger the basis of information security and do not bring the hoped-for benefits. Instead, there are additional security loopholes. Search of end devices Lately, the EU Commission and law enforcement authorities have repeatedly addressed the issue of circumventing secure encryption. In mathematical terms, strong encryption cannot be circumvented without stored duplicate keys or deliberate weakening of the technologies used.
Home office relocates the digital company door across countries and cities into the living space. Teleworking has been around for over 50 years. The virtual way of working has gained a lot in importance since last year. The pandemic has increased the distance and technology for the home workplace has made a real breakthrough. Unfortunately, the same cannot be said for information security. Many installations lack basic security, especially when using personal devices without company in-house configuration. The DeepSec conference and Certitude Consulting warn against the use of systems without adequate protection. Bring your own demise with private hardware The COVID-19 pandemic has created great pressure to give employees access to their work environment from home. The implementation requires careful planning and the use of secure end devices and protocols in network transmission. Popular
IT security has a lot of catching up to do, digitization is on an insecure foundation. The COVID-19 pandemic will celebrate its second birthday next year. Our everyday life has become more dependent on digital tools and platforms. If you want to rely on the convenience of the digital world, data and communication must not be threatened by weak points. Unfortunately, this is not the case, which is why the annual DeepSec IT security conference will again address threats for companies and authorities this year. Expectations Digitization is largely viewed uncritically as a metaphorical bringer of salvation. It should make work easier, make information more accessible, reduce administration and, in principle, solve or at least reduce problems in every area. The term Artificial Intelligence is often used when promoting the future. In the key
DeepSec 2021 Press Release: Surveillance as Organized Crime – DeepSec Conference Criticizes Pegasus Spy Software as a legal Vacuum
The information published by the Pegasus Project consortium on the systematic abuse of this monitoring software for smartphones clearly shows that rampant surveillance can hardly be distinguished from organized crime. Security experts are increasingly warning against the hoarding of unknown security vulnerabilities by companies that develop espionage products. Information security for society, authorities and the economy is incompatible with the existence of such tools. In addition, they represent a threat to the national security of every country. We can only maintain a real locational advantage for Europe through consistent IT security. Battle for Communication Content Since the first discussions about the availability of strong encryption for private individuals and companies, the security of digital communication has been hotly contested. In the 1990s, the US government wanted to enshrine access to messages and calls from
Press Release: Modern Desktop Environments: A Security Hole – DeepSec Conference Offers Trainings and Tests for Secure Applications
What does a modern office application have in common with a broken-down oil pipeline? The desktop environment that led to the disaster. Graphical user interfaces for operating computers go back to research conducted in the 1960s and 1970s. At the time, people thought about how computers could best help people. From the 1990s onward, the desktop became a battleground for market dominance. That has not changed, but security aspects now come into play as well. After all, the desktop environment is often the first step attackers take to reach a company’s digital treasures. The annual DeepSec conference offers security professionals and developers a two-day intensive course devoted to
Press Release: Germany Stipulates Security Gaps by Law – DeepSec Conference Warns: Legal Anchoring of the State Trojans Destroys the Security of the Infrastructure.
People on business trips are accustomed to taking precautions against untrustworthy Internet access. Employees have been equipped with Virtual Private Network (VPN) technology in order to have secure access to company resources and internal systems. VPNs are also often used to circumvent the insecurity of the so-called last mile, i.e. the connection between your own computer and the actual systems on the Internet. The law, which was passed in the German Bundestag on June 10th, creates opportunities for the use of so-called State Trojans (term literally translated from the German Staatstrojaner, meaning a malicious piece of software provided and used by authorities). This institutionalizes security gaps so that state Trojans can be installed on end systems. The safe home office is a thing of the past. Comprehensive surveillance through digital intrusions The alterations to
Press Release: Current Threats to Mobile Networks – DeepSec Security Conference Offers Training in the Use of Current Mobile Technologies
In 40 years, mobile communications technology has seen a real boom. Availability, stability and data rates have increased considerably compared to the origins of 1G/2G networks. Security research in this area, by contrast, has not seen comparable success. There are still weaknesses and gaps in information security. In 2007, the first DeepSec conference exposed the weaknesses of A5 encryption. This year’s conference will therefore again offer a two-day workshop on the security of current mobile communication technologies. The basis of the communication society Many conveniences of modern life would be inconceivable without mobile networks. The Internet is almost always available to us. Communication is also very easy outside of
Press Release: Low-tech Attacks: Poorly Secured Critical Infrastructure – The Attacks against Colonial Pipeline Relied on Standard Access Tools
In May, the US company Colonial Pipeline was the victim of a ransomware attack. After such events, there are always calls for increased security and new measures. Yet analysis of these attacks often reveals gaps in basic security. It is often not necessary to use complicated and sophisticated tools to target critical infrastructure. Attackers like to use standard tools, available everywhere, to avoid being detected. This is made possible by insufficient basic security. Adapted camouflage To defend your own systems and networks, you need in-depth knowledge of the particularities of your infrastructure. Organized groups that target companies research exactly what the target uses before attacking. Following this planning phase, they use only tools that the victim
Press Release: Modern Desktops as a Security Hole – DeepSec Conference offers Trainings and Tests for Secure Applications
What do a modern office application and a fancy oil pipeline have in common? A desktop that led to disaster. Graphical interfaces for operating computers go back to research in the 1960s and 1970s. At that time people thought about how computers can best support people. By the 1990s at the latest, the desktop became a battleground for market dominance. That has stayed the same, only there are additional security aspects. After all, the desktop is often an attacker’s first step toward a company’s digital treasures. The annual DeepSec conference offers security experts and developers a two-day crash course on desktop security. No attack without interaction Many successful attacks on companies or infrastructure depend on cooperation with the victims. Malware is executed using tricks and only then does it compromise the system.
Press Release: Current Threats in Cellular Networks – DeepSec Security Conference offers Security Training in dealing with Current Cellular Technology
In the past 40 years, cellular technology has achieved a veritable triumph. Availability, stability and data rates have increased significantly compared to the origins of 1G / 2G networks. Security research in this area has not met with quite the same enthusiasm. There are still weak points and tradeoffs in information security. At the first DeepSec conference in 2007, the weaknesses of A5 encryption were revealed. This year’s conference therefore again offers a two-day workshop on the security of current cellular technology. Basis of the communication society Many of the conveniences of modern life are inconceivable without cellular networks. The internet is almost always available. Communication is very easy even outside of cities, during leisure activities or when going for a walk; reception is of course required. The evolution of the technological generations up
Press Release: Low-tech Attacks. Critical Infrastructure poorly secured – Attacks against Colonial Pipeline used Standard Access Tools
In May, the operator of the US Colonial Pipeline was the victim of a ransomware attack. After such reports, calls for better security and additional measures are always loud. In fact, analyses of these attacks often reveal deficiencies in basic security. Often it is not even necessary to use complicated and sophisticated tools to attack critical infrastructure. Attackers like to use standard tools that are available everywhere so as not to attract attention. The lack of basic security makes it possible. Custom camouflage When defending your own systems and networks, it is necessary to know exactly what the infrastructure is like. Organized groups that attack companies research exactly what is being used at the target before the attack. Following this planning phase, only tools are used that are plausible to the victim and
DeepSec 2021: A lack of software security paralyzes the economy in times of crisis – visit DeepSec 2021 to train your developers
In every crisis, one’s own infrastructure and logistics are put to serious tests. The COVID-19 pandemic illustrates this particularly drastically through the many structural failures in the past 12 months. They try to solve biological problems with smartphones, favor dead-end technologies such as blockchain, discover the lack of network expansion in recent decades and then panic and publish software applications that are only subjected to serious tests after they have been published. All these quick fixes are snapshots of a lack of sustainability. But the economy is dependent on stable solutions based on many years of experience, especially now. In November 2021, the DeepSec conference would like to give support to everyone who works with software through trainings and the transfer of experience from security researchers. Code rules the World The word digitization is