DeepSec Press Release: Internet of Facts and Fear in the Name of IT Security – Bits, Bytes, Security and Geopolitics
(Original press release was published on 29 August 2019 via pressetext.com)
Nobody is an island. This statement is attributed to the English writer John Donne. The sentence became known in the 17th century. In the meantime, this has changed as a result of digitization. The modern version of the statement should read: There are no more islands. Increasing networking is reaching more and more areas of everyday life and society. So this year’s DeepSec In-Depth Security Conference wants to look soberly at the Internet of facts and fear from an information security perspective. Systems are currently less isolated and much more complex than the theory of information security technically allows. The DeepSec conference therefore dedicates its two days of conference and two days of training to current technologies and their vulnerabilities. At the same time, at the DeepINTEL seminar conference, the relationship between geopolitics and IT security will be discussed on the basis of real life events.
Internet of Attacks instead of Things
Once you connect a system to the internet, you will feel it immediately. Worthwhile or vulnerable targets are automatically searched for and attacked. Connecting sensors, devices or actuators (known as “Things” in the Internet of Things) to a network is no different. The lectures at this year’s DeepSec conference seek to connect the different aspects of IT security with this background. Mobile devices have been threatened since their very existence. Modern mobile technologies rely on data. It is therefore no surprise that Luca Melette shows how to attack mobile systems exclusively via the Internet protocol in his presentation. Aleksandr Kolchanov will present how to compromise and mass read certain mobile devices. Lior Yaari shares his experience in the automotive industry. He has analyzed future components of modern cars, components that are not yet on the market, but are already in development. Lior will report on vulnerabilities that may roam our streets in a few years.
Training with Security Experts
Every year DeepSec Conference offers training for security experts to experts of your company. Sharing knowledge is the foundation of every good defense, not just a digital one. Due to the short-lived nature of information technology, one’s own level of knowledge and training is crucial for dealing with attacks and constant networking. The program therefore includes three different workshops dealing with attackers. Xavier Mertens teaches solving threats with open source security, using publicly available sources to communicate with and build internal processes. In addition, case studies provide examples of detecting suspicious patterns. Peter Manev and Eric Leblond show in their workshop how to detect attacks and suspicious processes in the network with the Suricata intrusion detection tool. Suricata is easy to use and offers many features. Since both coaches are part of the development team of Suricata, one learns details directly from the source about the internal processes of the software. In addition, participants will practice creating rules in real network traffic. The training is practice-oriented and is aimed at all who need to do network security. Thomas Fischer and Craig Jones show in their workshop how to deal with security incidents and how to find traces of attackers. Here, too, real cases and real examples are used to demonstrate the handling of the right tools.
Technology is not an Island either
Often, when considering security issues, only the technical point of view is considered. But there are external factors in information technology, as in other areas, that set specific framework conditions. A prominent example is the, since the 1990s, ever-recurring discussion about backdoors in digital systems and communication networks. What started with mobile and email encryption is now continuing with 5G, Messenger and software development. The Australian government passed a law in 2018 that can force tech companies to incorporate backdoors into their products. These predetermined breaking points will also be used by attackers in the future. The mathematics of encryption is relentless when it comes to security. Either you have secure communication or you do not have it. The current trade wars affect the IT world with long lasting impact and set the course for the implementation of new technologies in the next few years. That is why this year’s DeepSec and DeepINTEL will examine the interactions of information security with geopolitical issues. The lectures of both events were chosen from this perspective. Among other things, ways and means of attack, the classification of goals and the conditions for the use of security measures are discussed. We strongly recommend that security officers broaden their horizons in order to incorporate these aspects.
Programs and Booking
The DeepSec 2019 conference takes place on 28 and 29 November,
the DeepSec trainings on the two previous days, the 26th and 27th of November.
The DeepINTEL conference will take place on November 27th.
We will gladly send you the program upon request to deepsec@deepsec.net.
Tickets are available on the website https://deepintel.net/.
The venue for DeepSec and DeepINTEL is The Imperial Riding School Vienna – A Renaissance Hotel, Ungargasse 60, 1030 Vienna.
The program of the DeepSec conference is available at https://deepsec.net/schedule.html.
The DeepINTEL program will be provided upon request because DeepINTEL is a non-public conference.Tickets for the DeepSec conference as well as for the DeepINTEL event and DeepSec trainings can be ordered at any time at https://deepsec.net/register.html.