DeepSec 2021 Press Release: DeepSec and DeepINTEL Publish Conference Program
IT security has a lot of catching up to do, digitization is on an insecure foundation.
The COVID-19 pandemic will celebrate its second birthday next year. Our everyday life has become more dependent on digital tools and platforms. If you want to rely on the convenience of the digital world, data and communication must not be threatened by weak points. Unfortunately, this is not the case, which is why the annual DeepSec IT security conference will again address threats for companies and authorities this year.
Expectations
Digitization is largely viewed uncritically as a metaphorical bringer of salvation. It should make work easier, make information more accessible, reduce administration and, in principle, solve or at least reduce problems in every area. The term Artificial Intelligence is often used when promoting the future. In the keynote, Univ. Prof. Mag. Dr. Gabriele Kotsis takes up this topic and compares the results of the last 30 years of research with the current status. It is not only about the technical contribution, but also about the importance for the use of computers and the consequences for society.
The development of a capable team that has to face the dangers of IT security will be discussed in a lecture by Dr. Matthieu J. Guitton (CERVO Research Center, University of Québec). Advancing digitization requires a constantly growing pool of experts in this area. How can you put together and maintain a suitable team that works smoothly at any size? The focus will be on the technical level and, even more, on the human level. In critical moments, personal interactions in particular determine success or failure.
Attacks from within by Trojan horses
In recent years there have been repeated calls for back doors and government malware on computers and smartphones. Andre Meister, investigative journalist from netzpolitik.org, will present the state of affairs in the attack on IT security through these measures. He has been working intensively on this topic for years. The use of such interventions has far-reaching consequences, as the scandal surrounding the espionage software Pegasus from the NSO Group has shown. If the digital infrastructure is to be a solid foundation for the future, then it must not have any predetermined breaking points. Especially in view of industrial espionage and the safeguarding of critical infrastructure, no weak points may be artificially introduced. Malware will be discussed in other lectures under other aspects.
Virtual meetings and single break-in
How well are companies prepared against attacks? Prof. Andreas Mayer from Heilbronn University examined 623 shareholder meetings worldwide that took place virtually due to COVID-19 precautions. 72% of all gatherings had at least one violation of the CIA (Confidentiality, Integrity, Availability) triad of protection goals. The voting platforms that are used for decisions at these events are particularly affected. They allow manipulations to be carried out that can have far-reaching consequences for companies.
Single Sign-On (SSO) is a widely used technology in organizations and companies. Attacking and securing SSO systems is a topic of one of the workshops offered. This course is specially designed for those responsible in companies which provide a more complex structure of applications. The protocols for implementing uniform logins are analyzed in this training so that participants can get to know the weaknesses and avoid errors.
Another workshop deals exclusively with attacks on modern desktops. Successful attacks rarely take place via well-secured servers or infrastructure. The weakest link in the chain is the employees’ desktops. These surfaces are the already opened door to the company network. In particular, switching applications to one and the same framework facilitates attacks considerably. For example, Microsoft® Teams, Skype, Bitwarden, Slack and Discord use a specific JavaScript platform. If security gaps are found in this platform, they apply equally to a whole class of applications.
Networks under the microscope
Further courses deal with the peculiarities of networks. David Burgess offers comprehensive education about threats in mobile networks. Weaknesses in the network standards GSM, UMTS, LTE up to 5G NR are discussed. The target group is users of cellular technology in the fields of journalism, international aid organizations, corporate security and government applications. In view of the proliferation of mobile end devices for communication, knowledge of the dangers, especially when dealing with sensitive information, is very critical. The training deals with details of the radio interface, the network structure, SIM cards and the entire substructure on which smartphones build all their functions.
Network attack detection has been an area of research for over 20 years. The developers of the Intrusion Detection System Suricata explain in their course how to get the maximum amount of information out of the network traffic in real time in complex networks. All attacks use network access at some point. This allows anomalies and compromised systems to be recognized if the network activities in your own infrastructure are properly observed and evaluated. The training includes technical details of implementation and also covers cloud-based infrastructure.
Programs and booking
The DeepSec 2021 conference days are on November 18th and 19th. The DeepSec trainings will take place on the two preceding days, November 16 and 17. All trainings (with a few exceptions) and lectures are intended as face-to-face events, but due to possible future COVID-19 measures, they can take place partially or completely virtually. There will be a stream of lectures for registered participants.
The DeepINTEL Security Intelligence Conference will take place on November 17th. Since this is a closed event, we ask for direct inquiries about the program. We provide strong end-to-end encryption for communication: https://deepsec.net/contact.html
You can order tickets for the DeepSec conference and the trainings online at any time at https://deepsec.net/register.html. Sponsor discount codes are available. If you are interested, please contact deepsec@deepsec.net. Please note that we depend on timely ticket orders for planning certainty.