[This is the March update from our DeepSec scuttlebutt mailing list. Subscribers received this article already.] Filling a blog with articles is both hard and very easy these days. In theory, information security is more present in the news than ever. In practice, you will find few articles with in-depth content. A few days ago I had a discussion with a friend about the many web pages with the title scheme “n reasons why something is great” or “k ways to do web application filtering”. We both agreed that the title is a definite warning not to read the article. Also, most articles just give you a brief introduction into a topic and suddenly end after a few paragraphs. The term clickbait comes to mind. A lot of publishing systems use fancy techniques to
[Editor’s note: This article was translated before the invasion of Russian troops into Ukraine. It features SWIFT, and the discussed data mining methods still apply regardless of the sanctions.] Data-Mining der CIA in SWIFT-Finanzdaten aus Europa by Erich Moechel for fm4.orf.at Massive financial datasets are constantly being delivered from the EU to the US as part of the TFTP treaty against terrorist financing. The CIA receives this data. The fog is slowly clearing around the huge datasets in which the CIA claims to be data mining. The “foreign financial data platforms” from which the CIA “collects large amounts of structured financial data” to stop ISIS terrorist funding are the databases of payment processor SWIFT. Around 11,000 banks from 200 countries process their payment transactions via the SWIFT system, which currently processes around 40 million
The Russian invasion of Ukraine has put the digital sidelines into the spotlight. The world of cyber is part of conflicts, politics, and military operations. This has become very clear if you look for preparations of the current military actions in Ukraine. Information warfare most likely predates the tanks and missiles by year or even decades. This is not the focus of this article. There have been calls to attack networked targets in order to help. Is this a good idea? Let’s see. Information warfare is one aspect of the digital domain. Then there are sabotage, disrupting networks, exploiting vulnerabilities, getting access to data, and many more aspects. Joining either side of a conflict is usually a bad idea. Everything starts with the targets. Who runs a system you have decided to attack? It’s
Sven Guckes has died. Sven was a constant companion of Free Software events throughout the years. He contributed to Free Software projects in many way. He ceaselessly connected people by organising meetings in restaurants prior to, during, and after conferences. The command line was his home. He helped improve Vim configurations for countless persons and enabled them to use this editor more efficiently. Sven was session chair at past DeepSec conferences. We mourn his loss, and we fondly remember his contribution to transferring knowledge and experience between everyone he connected. Thanks, Sven! Others have published their thoughts about Sven. You can find the texts by using the following links: Remember: Be More Like Sven Sven Juckes passed away Vim-Versteher und Kommandozeilenerklärer: Sven Guckes ist tot (German) Vim 9 will be dedicated to Sven Guckes
We have been busy behind the scenes, as always. The call for papers for DeepSec 2022 is open. We accept submissions for presentations and trainings. This also includes ROOTS 2022 and DeepINTEL 2022. The dates are the same as announced at the closing of DeepSec 2021. DeepSec 2022 Trainings – 15 / 16 November 2022 DeepINTEL 2022 – 16 November 2022 DeepSec 2022 / ROOTS 2022 Conference – 17 / 18 November 2022 We ask all trainers to submit proposals for trainings as early as possible. We will select submitted trainings and publish a preliminary schedule in April. Hope to see you in November!
[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 10 February 2022.] Dear readers, February is a week old. Even though it is still Winter, we do not hibernate. We currently work on our call for papers and the locations for this year’s events. Following the IT news these days is no helping with selecting interesting topics. Information technology has taken a steep turn into the past. Reading product information has more in common with fantasy novels than with hard facts. Magic is hard at work given the many wonderful features modern applications may or may not have. Code based on the blockchain is getting a lot of news coverage. DeepSec deliberately did not include content this technology in our past conferences. Mentioning
[The scuttlebutt news are also available via the DeepSec scuttlebutt mailing list. This posting was sent to the list on 11 January 2022.] Dear readers, the pandemic is still not over. 2022 greets us with a new variant of SARS-CoV-2. I hope all of you stay safe and stay healthy. The organisation of DeepSec events continues. The wonderful world of IT has plenty of topics to research and check for security vulnerabilities. There is one issue I would like to describe in some more depth. DeepSec itself and parts of its staff and helpers have strong ties to cryptography. We supported the Crypto Party events in Vienna back in 2012. Back then, Bitcoin (₿) was three years old. It was regarded as a curiosity. For us, crypto still means cryptography. We considered accepting Bitcoin
We have been radio-silent for the past weeks, because we had to post-process the conference. The videos of DeepSec 2020 have been completed and uploaded to Vimeo. You can view them in our showcase collection for the event. We hope you can find some quiet moments in the next few days. The slides of the presentations are stored on our web server. We haven’t hidden any Log4Shell emoticons in the documents, so they are safe to view. 😉 Enjoy the holidays! See you next year!
The last week was very exciting, Organising DeepSec and DeepINTEL 2021 right in the middle of changing regulation and travel restrictions was not easy. Both events were in in hybrid form with health protection measures. The pandemic has raised a lot of questions on how scientific research impacts government, politics, and society. One of our main concerns is to put scientific methods back into information security. While nobody dies or contracts a disease when information security fails, there are parallels between warnings of experts and the lack of adequate means to protect the population. We have some dates for your calendar. Please make a note and set your alarm for our events next year: DeepSec IT & Law Convention – 26 April 2022 DeepSec 2022 Trainings – 15/16 November 2022 DeepSec 2022 Conference –
Talk “Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project” moved to 19 November 2021 16:50
The presentation „Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project“ has been from today moved to 19 November 2021 at 16:50. The presentation has not been cancelled. We had to move the talk because of a collision and technical problems.
You can find the live streams of DeepSec 2021 by using the following links: DeepSec 2021 Arabella Track DeepSec 2021 Boheme Track The streams also feature a live chat if you want to comment on the presentations.
DeepSec 2021 Talk: Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project – Dr. Andreas Enzminger & Dr. Jürgen Grimm
Incitement, radicalization, and terror are the buzzwords that currently concern us the most. Right-wing and left-wing extremist groups or religious fundamentalists act as fire accelerators for extremist tendencies, even leading to the use of political violence. In this way, they can also endanger the value-based foundations of democracy in the medium and long term. Although much discussed, the role of the media, especially social media, in radicalization within society remains conceptually and empirically unclear. While there are several case analyses based on violent events, systematic studies have yet to be conducted. To fill this gap, the COMRAD project is dedicated to researching radicalization tendencies in cyberspace, focusing on psychosocial, ideological, and communicative conditioning factors. The focus is on the “open space” of politically left-wing, right-wing, or Islamic Facebook groups, in which recruitment strategies and
DeepSec2021 Talk: QKD-based Security for 5G and Next Generation Networks – Sergiy Gnatyuk, PhD. DSc.
Modern information and communication technologies (ICT) implementation in all spheres of human activity, as well as the increasing number and power of cyber-attacks on them make the cyber security of the developed digital state vulnerable and weak. Cyber-attacks become targeted (so-called APT-attacks) and attackers carefully prepare them, analyzing the identified vulnerabilities and all possible ways of attack. The security and defense capabilities of the state are considered in an additional fifth domain titled cyberspace (after land, air, water and space). World`s leading states develop strategies to protect cyberspace, create cyber troops, develop and test cyber weapons. A significant number of cyber-attacks today are aimed at critical infrastructures and government organizations. Traditional security methods (in particular, cryptographic algorithms) do not fully protect against all currently known attacks, they are potentially vulnerable to attacks based on
Updated Health Protection Guidelines – Information about hybrid Configuration of DeepSec & DeepINTEL 2021
The City of Vienna has announced changes to the health protection regulations. The regulations are still not in effect, but we expect them to be in place in the course of the next week. The city council is more strict than the rest of Austria, so make sure to update on local regulations. We have updated the health protection document on our web site. Basically the access to the conference is limited to persons having recovered from CVOID-19 and vaccinated persons. Additional information can be found by using one of the following links: Latest COVID-19 information Information about COVID-19 (City of Vienna) DeepSec will be at the conference hotel and feature live streams for every track. Some speakers will present remotely. All presentation will be available on site and via the streams. Links for
The City of Vienna has announced stricter regulations regarding conferences and restaurant businesses. This directly affects our conferences. Beginning with 15 November 2021, attending events requires a proof of either having recovered from a COVID-19 infection („genesen“) or be fully vaccinated („geimpft“). This is called the „2G rule“ because of the German words used for the terms. We will update our procedures for the conference accordingly. Our conference hotel has to follow the regulations as well. This means that you cannot attend either DeepSec or DeepINTEL with only a test (of any kind). There will be no exceptions. Further information can be found at the following links: What is „3G“ rule? Questions and answers regarding coronavirus and the COVID-19 disease Up-to-date Information on the Coronavirus Situation Some of the information web sites will get