1811, 2024

DeepSec 2024 Press Release: Choice of programming language does not determine IT security. NSA warns of memory errors while ignoring the majority of other security vulnerabilities

Sanna/ November 18, 2024/ Press

There are over 900 clearly classified defects in software applications. Some of these are because of memory errors, where code accesses memory areas incorrectly and subsequent errors can lead to crashes or other effects. In 2022, the US National Security Agency (NSA) warned against using the programming languages C and C++ to avoid memory errors. The recommendation is to use other programming languages that prevent these errors. This recommendation ignores reality, as these problems can no longer occur in modern, correct C++ code because of the language specification. Furthermore, the NSA’s proposal ignores existing code that is well tested and ready for production, and much more dangerous defects that are still possible in all programming languages. Modern C++ Bjarne Stroustrup published the C++ programming language back in 1978, and it has continued to evolve

0811, 2024

DeepSec 2024 press release: Sluggish NIS2 implementation as a security risk. DeepSec conference presents remedies against the shock paralysis in companies

Sanna/ November 8, 2024/ Conference, Press

Directive (EU) 2022/2555, abbreviated as the NIS-2 Directive, should strengthen resistance to digital attacks by potential targets in the European Union. Certain companies of a certain size in defined sectors are required to implement the directive. The directive targets critical and important companies. This year’s DeepSec conference, together with sematicon AG, will present a practical approach to implementation. Checklists and metrics are not enough Implementing security measures always requires a certain amount of preparation. A good deal of already fail at this first hurdle, because the exact knowledge of your own network and all the devices in it can vary depending on the counting method. Is a control or measuring device just a device or a full computer with operating systems? The classification determines many of the consequences when securing such devices. Correctly categorizing

0810, 2024

DeepSec 2024 Press Release: Industrial Espionage – New old Attacks through Lawful Interception Interfaces

Sanna/ October 8, 2024/ Press

Lawful interception backdoors are exploited by nation states for espionage. The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 forced telecoms providers and suppliers to equip all relevant components with backdoors that allow the recording of transported metadata and data. For over 30 years, information security experts have warned against the misuse of these accesses. The US-American telecommunication companies AT&T and Verizon have recently been the victims of an attack. The trail leads to China. Because of the legal abolition of security in networked systems, the attack comes as no surprise. The DeepSec conference therefore repeats its annual warning against deliberate weakening of information security. Fear of digitalisation CALEA began because the Federal Bureau of Investigation (FBI) was afraid of the failure of the interception technology of the time because of the

2409, 2024

DeepSec 2024 Press Release: Manipulation on Social Media is dangerous for Democracies

Sanna/ September 24, 2024/ Conference, Press

DeepSec conference publishes schedule and focuses on disinformation algorithms The original purpose of introducing Social Media was to provide individuals with a platform for expressing their own views. However, its increasing popularity has led to a creeping appropriation. Texts generated by algorithms, robot farms and dubious decisions by platform operators have turned social media into a hotbed of disinformation. The casual click on share, like buttons or the insertion of arbitrary comments, creates efficiency in mass manipulation. Political commentator Randahl Fink will analyse these practices at the opening of the DeepSec conference. Information and disinformation Most people think of technical implementations when they hear the terms information technology (IT) or information security. Of course, the foundation comprises networks, server systems, storage media and connections to the Internet. In addition, there are many end devices

0906, 2024

DeepSec 2024 Press Release: State Attacks on Information Security continue unabated. End-to-end Encryption remains an important and threatened Component of Security.

Sanna/ June 9, 2024/ Press

The introduction of strong encryption has repeatedly led to disputes with authorities and the government in the past. Whether it’s mobile networks, email systems, messengers or the World Wide Web, every iteration of the technical protocols requires backdoors that jeopardise the entire communications infrastructure. The DeepSec conference warns against opening the door to espionage. Secure or insecure, that is the Question Encryption inevitably has to do with mathematics, and the algorithms used in encryption technologies almost always originate from mathematical research. There are ready-made and well-tested components for IT infrastructures that are freely available. The critical point in securing communication is always to prevent messages from being intercepted. The only way to do this is with end-to-end encryption (EE2E). The keys involved remain exclusively with the sender and recipient. All parties involved in forwarding

0406, 2024

DeepSec 2024 Press Release: The limits of ‘AI’ language models lie in security. DeepSec warns: ‘AI’ language models generate content and override authorisations

Sanna/ June 4, 2024/ Conference, Press

Language model algorithms, also known as generative artificial intelligence, continue to celebrate their supposed triumphant advance through many media platforms. Security researchers have analysed the products and revealed a number of weaknesses in the ‘AI’ applications. This year’s DeepSec conference is dedicated to the threats posed by ‘AI’ learning models that use incomplete restrictions to analyse public and sensitive data. Large Language Models (LLMs) as Auto-Completion The technical description of the many ‘artificial intelligence’ (‘AI’) products on the market is impressive. In simple terms, the concept behind the advertising campaigns consists of algorithms that copy as much data as possible, break it down and then recombine it to provide answers to any questions. The learning process when creating the language model is not initially monitored or moderated. Only in later phases does

2009, 2023

DeepSec 2023 Press Release: Digitalisation Requires More Than Just Technology – DeepSec Conference Combines Digitalisation With IT Security Trainings

Sanna/ September 20, 2023/ Conference, Press

Digitalisation is a great opportunity and has arrived in all areas of society. However, there is more to it than using digital data and computer systems. Processes and ways of working need to be adapted. In addition, information security must be considered throughout, from design to implementation. The DeepSec conference again has extensive training on this topic in its programme. Digitalisation generates opportunities and markets The basic idea of digitalised processes in companies and administration is simplification through the use of IT infrastructure. Data is more easily available. Documents can be searched and found more easily. This also means that more information is available in digital form. The opportunities and markets generated by this are not all legal. In 2022, data from one billion Chinese nationals was copied. In 2018, the Indian government reported

3008, 2023

DeepSec 2023 Press Release: Language Models do no cognitive Work –

Sanna/ August 30, 2023/ Conference, Press

The term Artificial intelligence (AI) is in the media, but it consists only of language simulations. If one follows the logic of the products currently offered under the AI label, we could easily remedy the shortage of skilled workers in the information technology sector. Take random people and let them consume tutorials, code examples, training videos and other documents related to the field of application for a few months. After this learning phase, skilled workers would automatically be available. TThe DeepSec conference is asking why there is still a lack of qualified personnel in IT. Algorithmically, the problem already seems to have been solved. Large Language Models (LLMs) and AI The so-called generative AI, which is now on everyone’s lips, is mathematically assigned to the research field of artificial intelligence. GPT, LLaMa, LaMDA or

3008, 2023

DeepSec 2023 Press Release: DeepSec 2023 publishes Programme – This year’s conference focuses on language models and infrastructure

Sanna/ August 30, 2023/ Conference, Press

Everyone is discussing Artificial Intelligence language models that have vast amounts of learning data. Language models are supposed to revolutionise information technology overnight, but their first applications are actually digital attacks. TThe current state of deep fake detection, social engineering attacks, and security incident response benefits will be highlighted at the DeepSec security conference this year. Of course, there are many more presentations that are indispensable for digital defence. Language models do not think, they forge Attacks through phishing emails and social engineering bypass technical measures through communication. By imitating victims’ language, attackers try to get them to support the attack with their own actions. Artificial persuasion is the speciality of AI language models, as they are designed to simulate conversation. Alexander Hurbean discusses which tools are available for these attacks and how

2404, 2023

#DeepSec Press Release: IT Security Has A Deficit In Defence

Sanna/ April 24, 2023/ Press, Security

[DeepSec traditionally leans more on the defence side of things. So we published this article.] Many people are now aware of the importance of information security, but how to operate secure systems is often not obvious. The reason lies in the deficit of real defence measures. This may sound paradoxical, but many products on the market deal with the activities after a successful attack. The prevention of attacks is mostly ignored. This year’s DeepSec conference therefore wants to provide some tuition in digital defence measures. Fire extinguishers instead of fire protection A simple scenario will serve as an illustration. Imagine that a company accumulates flammable material in its offices for historical reasons. Grown procedures lead to the fact that more and more hazardous materials are distributed throughout the premises. There is plenty of space.

0203, 2023

Press Release: A 40-year Step Backwards for Secure Communication

Sanna/ March 2, 2023/ Press

The UK government’s Online Safety Bill wants to set back the state-of-the art for secure communication 40 years backwards. The proposal includes compulsory backdoors for communication platforms and will lead modern encryption technologies into complete futility. If implemented, the secure messenger Signal will withdraw from the British market. The law is a serious threat to businesses and represents an unprotected gateway for espionage. “Crypto Wars” – the fight against security Secure communication has been under constant legal attack since it became widespread. The secure exchange of messages is perceived as a threat because, technically, no monitoring of correspondence can be implemented. The encryption software Pretty Good Privacy (PGP) was created in 1991 by Phil Zimmermann. After the code was published on the internet and spread internationally in the following years, Zimmermann became the target

1602, 2023

Press Release: IT World in AI Mania

Sanna/ February 16, 2023/ Development, Legal, Press, Security

Artificial intelligence (AI) is on everyone’s lips, but its results fall short of all expectations. Wouldn’t it be nice if computers could effortlessly give meaningful results to all kinds of questions from all kinds of unstructured data collections? Periodically, algorithms that do incredible things are celebrated in information technology. At the moment, it is the turn of artificial intelligence algorithms. Search engines are retrofitting AI. But the supposed product is far from real cognitive performance. Many open questions remain. History of Algorithms The first experts to work with algorithms to emulate human thought processes came from the fields of mathematics and philosophy. They wanted to formalise analytical thinking from the subfield of logic and describe it in models. In the 1950s, the algorithms were implemented on the computers that were emerging at the time.

0211, 2022

DeepSec Press Release: Analysis IT Security – DeepSec conference offers rich education for digital defence

Sanna/ November 2, 2022/ Conference, Press

Defending one’s digital infrastructure has never been more important. The fundamental problem of many defensive structures is the lack of an overview. Penetration tests help little if you don’t know exactly how your systems are connected to the rest of the world. This year’s DeepSec security conference offers rich support and content to sustainably increase one’s own security. On board is our supporter, the company NVISO, focusing specially on companies and organisations in critical areas. Security landscape requires collaboration Modern information technology is based on complex and extensive architectures. How do you determine the state of your own security? Many companies are not familiar with the different approaches of testing methods. The term “penetration test” has already entered the minds of many, but what findings and facts are obtained during such tests is often

0709, 2022

Press Release: Attacks On IT Through Desktop And Mobile Devices

Sanna/ September 7, 2022/ Press

DeepSec conference focuses on everyday devices as a risk for corporate IT. Attacks on the digital infrastructure of companies, authorities and organizations are often staged as a cinema spectacle in the reporting. Unfortunately the opposite is the case. A burglary in digital infrastructure happens without any broken glass or smashed doors. Attackers can only be successful if superficially everything continues as before. They don’t come through the windows or the underground car park, but via everyday applications on the desktop or smartphone. This year’s DeepSec security conference is therefore trying to sharpen the view on everyday life in the office and at the workplace. Two-day training sessions are offered focusing on workplace hazards, as well as two days of lectures to bring you up to speed. War for the desktop and personal devices Few

0308, 2022

Press Release: Spy Tools must not become Standard Software

Sanna/ August 3, 2022/ Press

DeepSec security conference warns of the growing market for spy tools. Information technology has gained a new acronym: Private-Sector Offensive Actor (PSOA). PSOA means something like a private-sector offensive opponent. The specific case of a PSOA has also reached Austria because of research by Microsoft®. An Austrian company is accused of being involved in digital attacks on Microsoft® customers in Europe and Central America. The case illustrates that spyware continues to be developed and used as a dangerous threat to information security. The DeepSec security conference taking place in November repeatedly warns against such technology and will deal specifically with the details of industrial espionage. Threatening security as a business model Bypassing security measures is a lucrative business model. Companies are active in this field all over the world. Some buy knowledge of security

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: