2012, 2012

DeepSec 2012 Articles and Slides

René Pfeiffer/ December 20, 2012/ Conference, Press

We have collected links to articles covering DeepSec 2012. If we missed one, please let us know. Arron Finnon’s Report on the DeepSEC Conference “Breaking SAP Portal” by Alexander Polyakov DeepSec 2012: Insecurity? It’s just a matter of time (in German) DeepSec 2012: IT-Sicherheitskonferenz in Wien (in German) DeepSec 2012: Services of cyber crime and cyber weapons in the Cloud (in German) DeepSec 2012: Wargames in the Fifth Domain (in German) DeepSec 2012: When I Grow up I want to be a Cyberterrorist (in German) “Malware Analysis on a shoestring budget” commented by Michael Boman The Evolution of e-Money (by Jon Matonis) SAP Slapping (by Dave Hartley) Sicherheitschecks von iPhone-Apps für fast jeden möglich (in German) Übernahme des Hypervisors über ein Gastsystem (in German) The slides of DeepSec 2012 can be found for download

Read More

2008, 2012

Wireless (Wi-Fi) Security Interview

René Pfeiffer/ August 20, 2012/ Discussion, Press, Security, Stories

Today we had a visit from an Austrian television crew to answer some short questions about wireless security. It’s too bad that journalists always look for „hackers“ who „hack something“. While we had no idea what they were talking about, we delivered a short summary of wireless security. For most of you this is old news, but for a broad audience in front of TV sets it’s still a mystery. Usually no one really know what the difference between WPA and WPA2 is. In addition you have WEP and WPS, in-depth you have TKIP and AES, too. All of this sounds pretty intimidating. If you add some cinematic scenes, you can imagine the hero (or evil villain) discovering a wireless network, pressing some keys and gaining access mere seconds later. Defences have been breached,

Read More

2411, 2011

DeepSec 2011 – Video Interviews

René Pfeiffer/ November 24, 2011/ Press

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about the security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions to this problem. Watch the video and listen to the interview. Video: Interview C. Patsakis Sicherheit in Autos (3:08) Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network. Video: Interview Harald

Read More

2211, 2011

Articles about DeepSec 2011

René Pfeiffer/ November 22, 2011/ Conference, Press

We have some more articles for you. Apparently the talks of our speakers raised a few eyebrows. Most of the articles are in German. Dradio: Das sichere Auto ist ein Mythos Interview with Mariann Unterluggauer about impressions from DeepSec 2011 and the myth of automobile security. Dradio: Nur scheinbare Datensicherheit This is a second article published on the Deutschlandfunk web site features Duncan’s talk and bugs in security software. Ö1: Können Hacker Autos fernsteuern? „Can hackers remotely control cars?“ Well, given the current design and lack of security they probably will do so in time for DeepSec 2012. Ö1: Make Cyberpeace, not Cyberwar. Ein Bericht von der DeepSec The topic of cyber warfare is still hot. Wie Terroristen verschlüsseln – Digitale Spuren kaum verwischt The Neuer Zürcher Zeitung (NZZ) has a comment about Duncan’s

Read More

1811, 2011

First Press Coverage of DeepSec 2011

René Pfeiffer/ November 18, 2011/ Conference, Press

The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for it. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available). Wie Terroristen verschlüsseln Duncan Campbell talks about encryption and compares it to the real world. There have been a lot of rumours about terrorist groups using modern encryption. The reality looks a bit different. Tools like PGP are around, but some groups still rely on substitution and transposition ciphers. Managing keys of modern cryptography and handling the tools isn’t as easy as changing clothes. Procedures, procedures, procedures, ask the auditors. Das Streben nach dem Cyber-Weltfrieden Stefan Schumacher illustrates the concept of cyber-peace described in his talk yesterday. Everyone invests

Read More

0311, 2011

DeepSec 2011: Techniques de cryptage des cellules terroristes, espionnage GSM, piratage informatique

René Pfeiffer/ November 3, 2011/ Press

Du 15 au 18 novembre 2011, la cinquième édition de la conférence DeepSec réunira les plus grands spécialistes internationaux  de la sécurité des réseaux et du piratage autour du thème de la sécurité informatique. Les principaux sujets abordés: techniques de cryptage des cellules terroristes, sécurité des systèmes de communication mobiles et de leurs utilisateurs et enfin, infrastructures de sécurité de la prochaine génération numérique. “Nous avons voulu, cette année encore, aborder des thématiques passionnantes et sujettes à controverse. Les sept workshops et les trente-quatre interventions de la conférence concernent directement ou indirectement une grande partie de la population” explique René Pfeiffer, organisateur du DeepSec. “C’est le cas notamment des tentatives de piratage constatées sur les réseaux GSM. C’est également le cas des problèmes de sécurité rencontrés sur IPv6 (Internet Protocol version 6), un protocole

Read More

1910, 2011

Press Release: From Car to „Zombie“ – Data-driven Attacks on Automobiles

DeepSec Organisation/ October 19, 2011/ Press

Data-driven Attacks on Automobiles Security conference DeepSec broaches the issue of automobile security  Vienna – Hacking attacks on cars sound like something out of a Hollywood blockbuster. However, they’re possible today and pose a real threat for individuals and the automotive industry. The international security conference DeepSec, which takes place between the 15th and 18th of November 2011 chose the security of mobile phones, cars and their users as central topics for this year’s conference. „As in the years before we want to present exciting and controversial topics which concern not only experts, but most of us directly or indirectly in 7 workshops and 34 talks.The liability of modern cars to attacks is on of our topics.” says René Pfeiffer, organiser of DeepSec. “DeepSec acts as neutral platform to connect the hacker-community with IT

Read More

2209, 2011

Press Release: How Terrorists encrypt, tenuous Security Situations concerning GSM Networks and IPv6 under Attack

René Pfeiffer/ September 22, 2011/ Press

Press release: From the 15th until the 18th of November international IT-security experts and hackers will meet again in Vienna, Austria, to discuss strategic security topics. The schedule is confirmed: At this year’s international IT-security conference DeepSec, the main focus lies on strategic security topics.  DeepSec 2011 takes place from the 15th-18th of November, it’ll be the 5th time that world’s elite in network-security and hacking comes together. Encryption techniques used by terrorists, secure use of mobile devices and the security awareness of their users as well as future security-infrastructures are main topics of this year’s DeepSec.  “As in the years before we want to present exciting and controversial topics which concern not only experts, but most of us directly or indirectly in 7 workshops and 34 talks.” says René Pfeiffer, organiser of DeepSec.

Read More

0707, 2011

SecInt: Radar for Anti-Security Movement

René Pfeiffer/ July 7, 2011/ High Entropy, Press, Security

We have been talking to some journalists in the past weeks. Most questions revolved around the rise in attacks against well-known web sites and their companies (or vice versa). Jeffrey Carr has published a good source for an overview of Anti-Security groups. If you are looking what to put on your radar, his article might be a good start. Security intelligence is gathering importance. Make sure that you don’t drown in tools or gadgets, and that you don’t neglect your strategic view. Quite a lot of people are confused by the many reports of incidents, „lulz“, „LOLs“, scanty slogans when it comes to motivations of attackers, damage reports, panic and media mind disruption (always remember: anonymous ≠ Anonymous). Currently we’re working on material to put the threats into perspective. It’s hard to distinguish the

Read More

0605, 2011

Article about White and Black Hats in Wiener Zeitung

René Pfeiffer/ May 6, 2011/ Press

Christoph Rella, a journalist who has been at past DeepSec conferences made telephone interviews with MiKa and me. He explored the difference between White Hats and Black Hats along with the motivations of hackers. He was interested in getting to know the reasons why the stereotype of the nice IT guy turns criminal. We think the motivations are vastly different, money being among them. Mr. Rella published a summary in an article for the Wiener Zeitung (in German).

2711, 2010

Press Conference – Impressions and Links

René Pfeiffer/ November 27, 2010/ Press

We’ve got some news from yesterday’s press conference with Ivan Ristić (Qualys), Sharon Conheady (First Defence Information Security Ltd.) and Harald Welte (hmw-consulting) followed by a seven interviews with speakers was a great success. The spirit of DeepSec – bringing people (security experts and journalists in this case) together to talk to each other – was felt every second. Here are the first links to coverage in German media: “Unverschlüsselte Internet-Kommunikation ist fahrlässig” Deepsec 2010: Sicherheitskonferenz im Zeichen mobiler Systeme DeepSec: Faktor Mensch als Sicherheitslücke DeepSec 2010: Interview mit Sharon Conheady zum Thema Social Engineering Krieg von der Couch

2011, 2010

DeepSec: Mobile Radio Networks as Targets for Virtual Warfare

René Pfeiffer/ November 20, 2010/ Press

Vienna – The times when a mobile phone was used solely to make calls are long gone, now it’s all about making pictures and surfing the Internet. The groundbreaking success of the iPhone is just one example for the fact that mobile phones have long since outgrown their original use. Youths and adults use them every day  to get information about recent news, the weather or navigation for a future trip with the car. Having the new all-purpose information device by the hand has become a habit. But what happens if criminals or assassins attack the mobile phone network? Cyber War: Public Life in the Crosshairs “The GSM radio network is used by more than 200 countries and holds many spectacular flaws which we want to illustrate.”, explains René Pfeiffer, organiser of the international

Read More

1711, 2010

DeepSec: Vacance 2.0 – Risque accru de cambriolage lié aux annonces de départ en vacance sur les réseaux sociaux.

René Pfeiffer/ November 17, 2010/ Press

La conférence sur la sécurité informatique met en garde contre les risques liés aux notifications de départ. Au début des vacances de la Toussaint, beaucoup d’allemands ont parlé de leur projet de voyage sur internet , sans se rendre compte du danger d’une telle annonce. Les risques s’accentuent encore avec l’arrivée du nouveau service de localisation «facebook lieux». Les utilisateurs y indiquent, au moyen de leurs portables, le lieu où ils sont afin de tenir leurs contacts au courant. «Au moment des vacances, beaucoup d’entre eux se laissent aller à poster sur un blog, sur twitter ou Facebook. Révéler son lieu de vacance, par exemple sur Facebook Lieux, augmente d’autant les risques d’effraction chez soi» explique René Pfeiffer, organisateur de la conférence DeepSec qui aura lieu du 23 au 26 novembre 2010 à Vienne.

Read More

1211, 2010

Conférence DeepSec: Focus sur la situation précaire de la sécurité du réseau mondial de téléphonie mobile.

René Pfeiffer/ November 12, 2010/ Press

33 interventions et 8 workshops par des experts internationaux en sécurité informatique. La conférence internationale DeepSec sur la sécurité rassemblera à Vienne, du 23 au 26 novembre 2010, l’élite mondiale dans le domaine de la sécurité des réseaux et du hacking. Cette année, l’accent sera porté sur la sécurité des systèmes mobiles et de leurs utilisateurs ainsi que sur l’infrastructure de la prochaine génération. Les sociétés d’informatique et de sécurité, les usagers, les responsables d’administrations, les chercheurs, la communauté hacker se verront à nouveau offrir la chance de participer à une programmation abondante comprenant 33 interventions et 8 workshops. «Nous sommes très heureux de permettre à tant d’experts d’échanger, pour la quatrième fois, leurs expériences et leurs idées autour du thème essentiel de la sécurité des technologies de l’information» nous explique René Pfeiffer, organisateur

Read More

0709, 2010

DeepSec conference focuses on the precarious security situation in the world-wide mobile phone network

René Pfeiffer/ September 7, 2010/ Press

DeepSec 2010 features 33 talks and 8 workshops by international experts Vienna, 31 August 2010. The international security conference DeepSec brings together the world’s elite in network security and hacking in Vienna from 23 to 26 November 2010. This year, the conference focuses on the security of mobile systems and their users, as well as on the next-generation infrastructure. IT and security companies, users, officials, researchers and the hacker community have the opportunity to take part in the conference with 33 talks and 8 workshops scheduled this year. “We are happy to offer for the fourth time so many experts the chance to exchange ideas and experiences on the most important security issues of everyday IT work in our modern days”, says René Pfeiffer, organiser of DeepSec. Live attacks on iPhone through a weak

Read More