DeepSec Scuttlebutt: Fun with Fuzzing, LLMs, and Backdoors

René Pfeiffer/ July 31, 2023/ Call for Papers, Scuttlebutt

[This is the blog version of our monthly DeepSec Scuttlebutt musings. You can subscribe to the DeepSec Scuttlebug mailing list, if you want to read the content directly in your email client.] Dear readers, the Summer temperatures are rising. The year 2023 features the highest measured temperatures in measurement history. This is no surprise. The models predicting what we see and feel now have been created in the 1970s by Exxon. So far, the model has been quite accurate. What has this to do with information security? Well, infosec also uses models for attack and defence, too. The principles of information security has stayed the same, despite the various trends. These are the building blocks of our security models. They can be adapted, but the overall principles have little changed from two-hosts-networks to the

Read More

Nuclear powered Air-Planes, Hashcash, and the AI Revolution

René Pfeiffer/ April 28, 2023/ Scuttlebutt

[This article is part of the monthly publication on our scuttlebutt mailing list. Not all the scuttlebutt messages are published on our blog. You are encouraged to subscribe to our mailing list.] Dear readers, the world of information technology and information security is driven by trends. This is very similar to the fashion industry or other aspects of our society. However, the impact on all of us is much bigger when a trend shifts the attention of the whole IT industry. Let me give you an example from the world of physics. During my time at the university, I read two books with anecdotes from the life of Richard Feynman. In the context of his work at the Manhattan Project, he told the story that someone from the US government asked him about the

Read More

Scuttlebutt – Musings about the Energy Cost of Information Security

René Pfeiffer/ September 16, 2022/ Conference, Discussion, High Entropy, Scuttlebutt

[Of course, this is the August 2022 article from the DeepSec Scuttlebutt mailing list. We publish the postings one month later on our blog. For timely scuttlebutt, please subscribe to the mailing list.] Dear readers, the Summer is burning Europe and other parts of the world. The climate is changing and poses the biggest challenge to all aspects of our society. And this is without other man-made catastrophes, such as war, lack of raw materials, logistics, health protection, and many more trouble spots. DeepSec is about information security, so I will stick to the digital parts of the story. There are already too much “experts” on social media. No need to add more. Have you ever wondered what amount of energy is used for digital security measures? Have you ever tried an estimate? I

Read More

NFTs, AI, and more trend technologies

René Pfeiffer/ February 13, 2022/ Scuttlebutt

[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 10 February 2022.] Dear readers, February is a week old. Even though it is still Winter, we do not hibernate. We currently work on our call for papers and the locations for this year’s events. Following the IT news these days is no helping with selecting interesting topics. Information technology has taken a steep turn into the past. Reading product information has more in common with fantasy novels than with hard facts. Magic is hard at work given the many wonderful features modern applications may or may not have. Code based on the blockchain is getting a lot of news coverage. DeepSec deliberately did not include content this technology in our past conferences. Mentioning

Read More

Blockchain, bad data, and bad code

René Pfeiffer/ February 10, 2022/ Scuttlebutt, Security

[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 11 January 2022.] Dear readers, the pandemic is still not over. 2022 greets us with a new variant of SARS-CoV-2. I hope all of you stay safe and stay healthy. The organisation of DeepSec events continues. The wonderful world of IT has plenty of topics to research and check for security vulnerabilities. There is one issue I would like to describe in some more depth. DeepSec itself and parts of its staff and helpers have strong ties to cryptography. We supported the Crypto Party events in Vienna back in 2012. Back then, Bitcoin (₿) was three years old. It was regarded as a curiosity. For us, crypto still means cryptography. We considered accepting Bitcoin

Read More

Scuttlebutt – Summer in the city, reviews, and more security content

René Pfeiffer/ August 22, 2021/ Scuttlebutt

Dear readers, gossip has been a bit rare in the past weeks. This was because of the intense summer heat here in Vienna. The opposite of the chill factor made working in the hot city extremely difficult. Additionally, we tackled dealing with backend archaeology. A part of our internal application for managing the call for papers, the reviews, and the schedule celebrates its 10th birthday. I like code that runs smoothly despite platform updates, but now is the time for some changes. And no, we do not expose the code to the Internet. You can stop looking for it. 😉 We just finished the major part of reviews of the submissions. It always takes a while, given that we start with the final review in August. Contacting people during Summer adds extra round trip

Read More