Lectures on Information Security
It’s time for an editorial to end our premature Covid-19 induced Summer break. We (as in the staff behind DeepSec/DeepINTEL) were busy with projects, preparations, following the news about the pandemic, and collecting information for our event(s) in November. Personally I have been involved in teaching for decades. The past months have shifted the focus heavily on virtual presences in the form of teleconferences. Keeping hundreds of students busy while explaining how operating systems work and how secure code looks tends to take up some of your time. Good network connections and decent hardware helped a lot, but there are a couple of problems with conveying content, concepts, and ideas. Let me show you what I mean.
Getting good tutorials is hard. The new agile way of computer science is to ditch good documentation in favour of quickly created code, or so it seems after wading through endless piles of markup/-down, incomplete README files, forum discussions, and fragments of manuals. Since my background is physics I started with published lectures in the library. Lecture in written form, ideally as published books, take a lot of knowledge and a lot of work. It has a lot to do with security/penetration testing where you retrace your steps, review the documentation of the attacks and scans, put everything into a sensible form, and write summaries of what has been seen and what should be done about it. The process is similar to teaching. Going back to the wonderful world of apps and source repositories the picture turns into dependency hell, bad examples, unfinished projects, and, again, missing tutorials on how to do things right. If you spent more time tormenting search engines than thinking about problems and implementations, then something is wrong.
A couple of years ago we started to collect articles for the DeepSec Chronicles. Stefan Schumacher and me wanted to address the problem of unstructured content. Good presentations are helpful, but the typical talk with slides depends on the spoken word, the gestures, the facial expressions, and interaction with the audience. If you ever watched recorded presentations you will notice that something is missing. Thus we collect articles for the DeepSec Chronicles. The intention is to have information in a form that is meant to be consumed after the conference. This is radically different from putting a video of the talk online and converting the slides to PDF. An article is more difficult to produce, because you cannot explain anything to the reader. There is no voice over. Furthermore you have to prepare the examples in more detail. Reading requires more information in higher quality. Every time I research a question of code, use of a tool, constructs of a programming language, or security controls and end up in forums discussions and badly written „torturials“ I see a confirmation of why collecting well-written articles (and helping other to create them) is something we should do more often.
This brings me to our still open Call for Papers for DeepSec, DeepINTEL, and ROOTS 2020. It is not a Call for Presentations. It’s definitely a Call for Content. We have had a lot of highly talented speakers in the past year (right to the first DeepSec in 2007). If you are working on something and want to get the word out, we would like to help you. Year by year we have taken steps increase the value of the research presented at DeepSec. The DeepSec Chronicles are one step further, as is the Reversing and Offensive-oriented Trends Symposium (ROOTS). Our scholarship program to support researchers is another piece of the puzzle. Mentoring to actively help creating solid results is our project for the future.
So if you have some interesting stuff you want to talk about, let’s hear it. You are encouraged to submit your research to the DeepSec Chronicles. The Internet does not need more broken links and buggy example code.