1008, 2018

New date, same Location: DeepINTEL 2018 has been moved

René Pfeiffer/ August 10, 2018/ Administrivia, Call for Papers, Security Intelligence

The DeepINTEL 2018 has been moved in time, not in space. DeepINTEL 2018 will take place on 28 November 2018. The day is the second day of trainings at DeepSec. DeepINTEL will be in parallel, and it will be for one day instead of the original two days. We had to moved because of organisational constraints. By moving DeepINTEL we hope to create a better placement for the security intelligence platform. In addition the DeepINTEL Call for Papers is easier, allowing trainers and speakers at DeepSec to contribute to the aspect of DeepINTEL with specific content. In case you have some content for us: he focus for 2018 are stealthy and persistent attacks. This is the classic espionage attack vector, only with modern means. Ubiquitous networking, complex trust-relationships, and the increased flow of information

0808, 2018

DeepSec Call for Papers Ended – Review Process – Melting Brains – Hard Facts

René Pfeiffer/ August 8, 2018/ Administrivia, Conference

Year by year it is getting harder to review the growing numbers of submissions. Thanks a lot for your contribution! It’s always a pleasure to read what you sent us. We have started to review as soon as you submit, but given the heat and the sheer number of submissions, it will take a few more days. We only have two days of trainings and two days of conference – which isn’t nearly enough. We will try to come up with a schedule that covers current events, science, and threats of tomorrow. Speaking of science, the Call for Papers for ROOTS 2018 is still running! We like to see more solid research in information security. It’s easy to get headlines or flourish on social media, but information security needs to do its homework. This

3107, 2018

DeepSec 2018 Call for Papers – Deadline today!

René Pfeiffer/ July 31, 2018/ Call for Papers, Conference

Sadly the climate does not extend deadlines. The Call for Papers of DeepSec In-Depth Security Conference 2018 ends today at midnight. Please make sure that you send us your submission in time. All submissions reaching us before the deadline ends have priority over any later submissions! We will leave the submission form online for a while longer in order to compensate for the heatwave currently rolling over Europe. Don’t forget that the Call for Papers for ROOTS 2018 (the Reversing and Offensive-oriented Trends Symposium) is still open and accepts submissions! Please spread word about ROOTS. We would like to feature „Science first!“ again in 2018. A big thank you for all who already sent us their content! As always we will have a hard time sorting through everything and selecting the presentations and trainings.

1707, 2018

New in the DeepSec Ticket Shop: Tor Tickets for Early Birds and InfoSec Minds

René Pfeiffer/ July 17, 2018/ Administrivia, Discussion, High Entropy, Security

We have a new category in the DeepSec ticket shop. We now have Tor tickets! Why is that? Well, information security relies heavily on the tools of the trade and the knowledge to use them. Tools can be created and used, knowledge can be shared and used. This is not a new insight. The special Tor tickets are a way to help the German non-profit registered association Zwiebelfreunde e.V. for rebooting their infrastructure. They run Tor nodes and provide the necessary infrastructure to do this. Members of Zwiebelfreunde have been speakers at DeepSec in the past because they are also active security researchers. The difference between the Tor ticket and the normal ticket price will be given to them to recover the damage to their infrastructure. Security tools such as Tor are widely used

1707, 2018

ROOTS and DeepSec 2018 Call for Papers – Reminder and Bugfix

René Pfeiffer/ July 17, 2018/ Call for Papers

The ROOTS and DeepSec Calls for Papers are still running! We did some bugfixing on the web page, so the deadline for any ROOTS submissions is now 26 August 2018. Please spread the word and submit your research. If you need any assistance feel free to contact us. The DeepSec Call for Papers closes on 31 July 2018. Now is the time for your submission. We are looking forward to see your presentation on stage at DeepSec 2018!

1307, 2018

Thoughts on the Information Security Skill Set

René Pfeiffer/ July 13, 2018/ Discussion, Security

As mentioned in an earlier blog article we moved our office infrastructure to a new location. Once you use a space for more than a decade things inevitably pile up. So I had to sort through hardware, software (on optical storage hardware and floppy disks), lecture notes from a previous life, ancient project documentation, and notes on ideas for a brighter future. Most things were thrown away (i.e. responsibly recycled), some stuff could be saved by enthusiasts (for example the two old Amigas that were sitting in the basement). All of the things we had to move had a purpose once. The main purpose was to get familiar with technology, accumulate knowledge, and understand how things work. This is essentially the hacker mindset, also found among scientists. Given the many presentations at past DeepSec

1207, 2018

How the BND monitors Communication in Austria

Sanna/ July 12, 2018/ High Entropy, Security Intelligence

[Editor’s note: This article was originally published on the web site of the FM4 radio channel of the Austrian Broadcasting Corporation. We have translated the text in order to make the content accessible for our English-speaking audience.] How the BND monitors communication in Austria At the most important connection to the Frankfurt node DE-CIX data streams from Austria are copied in their entirety to lines of the BND. Selected results of their evaluation are returned by the BND to the Austrian Army Intelligence Office in Vienna. by Erich Moechel for fm4.orf.at The reaction of the Austrian government regarding the publication of a list of targets of the German Federal Intelligence Service (BND) in Austria has caused surprise and amusement amongst intelligence experts. The general tenor: Either the Austrian government really has no idea how

1107, 2018

Infrastructure Update – Privacy Shield, Call for Papers, DNSSEC, ROOTS, and Humidity

René Pfeiffer/ July 11, 2018/ Administrivia, High Entropy

Our blog has been a bit silent in the past weeks, because we had to move some stuff around and rearrange our infrastructure. The old office had a problem with too much water. Leaking is for whistleblowers, not water pipes. Rain is fine if the water can get to the drains. If you take a look at the photograph, imagine the scene with Summer temperatures and a high dose of humidity. Moving infrastructure around is a lot more fun when having APIs, lots of bandwidth, and server minions to take care of the storage. This wasn’t the case with our office infrastructure in meatspace. So we did a bit of a workout. It’s amazing what ancient hardware you can find when sorting through real storage space. Remember AUI Ethernet connectors with matching network interface

1806, 2018

DeepSec Web Server is moving today

René Pfeiffer/ June 18, 2018/ Administrivia

We are doing a little relocation of computing infrastructure today. Between 2000 and 2200 CEST we will shift the computing node to a new location. Most content is still being delivered by the reverse proxy, but you may encounter errors for the call for papers manager. For those of you who got a 5xx HTTP status code when submitting a workshop or a talk, we hope that the new infrastructure will solve this problem.

1606, 2018

Call for Papers: Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2018

René Pfeiffer/ June 16, 2018/ Call for Papers, Security

ROOTS 2018 The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for

0806, 2018

BSidesLondon 2018 Rookie Track Follow-Up

René Pfeiffer/ June 8, 2018/ Conference, Discussion, High Entropy

We would like to share some impressions about the BSidesLondon 2018 Rookie Track presentations. It gets hard and harder to tell which one of the talks is the best. And picking a winner is not the right approach. We do this, because we can only invite one person to DeepSec, and because the intention is to have a motivation to work hard on the presentation. From what we have seen, we were quite impressed. The quality has much improved, also thanks to the tireless efforts of the mentors (if you see someone with a mentor badge, please buy them a drink!). Apart from the 15 minute time slot some talks were hard to distinguish from their bigger cousins in the main tracks. The topics were well-chosen. The mix was great. Every single rookie did

0806, 2018

Big Data Analytica – What Attackers might be after

René Pfeiffer/ June 8, 2018/ Discussion, High Entropy, Security Intelligence

A while ago the Cambridge Analytica issue rocked the news and the online discussions about how personal data and profiles should be used. Frankly the surprise of data being abused comes as a surprise. The terms and conditions of most online portals, services, and platforms contains lots of rights – which you give to the owner of the platform. Once something is concentrated, cached, and accessible to digital evaluation, it will be harvested for its content and context. It’s as simple as that. This has always been the case. Penetration testers (best case) select their targets based on this criterion (among others). What has all of this to do with information security? Well, information security, just as the social media platforms, just can’t do without analysing data. The difference is how to protect and

0506, 2018

Rookie Track – BSidesLondon 2018

René Pfeiffer/ June 5, 2018/ Conference, Security

We are looking forward to see the Rookie Track at BSidesLondon 2018! If you are curious what the rookie have to say, drop by and have a look! Presentations are meant to be heard. Do the newbies a favour and listen to them. They have put a lot of work into their 15 minute talk slot. They deserve an audience. Presenting a topic is hard. You have to understand what you are talking about. Furthermore you need to know a bit extra, because people will ask questions. Richard Feynman once said: If you want to master something, teach it. A great way to learn is to teach. If you have ever conducted a workshop, this will sound familiar. DeepSec sponsors the winner of the rookie track – a ticket to DeepSec 2018 and a

2505, 2018

DSGVO / GDPR / RGPD Update – We have Policies and Stuff!

René Pfeiffer/ May 25, 2018/ Administrivia, High Entropy

In information security policies are like opinions – everyone has one or more. So this is why we did some updating. You can now find our privacy policy on the main DeepSec web site and on our blog. We use few third party services, because most of our infrastructure is hosted on our own systems. When it comes to (tele)communication, payment services, and (sadly) email we have to rely on operators doing this for us. Our email infrastructure will move in the near future (i.e. in 2018). We will announce the change via your local DNS resolver when the time comes. 😊 Bear in mind that we take the agile approach when it comes to developing policies. Publish often, do rolling releases. At least that is how we understand the process. A policy is

1405, 2018

#efail, Crypto, HTML, PDF, and other complex Topics

René Pfeiffer/ May 14, 2018/ High Entropy, Security

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more information is known. The authors of the bug claimed that responsible disclosure was being followed. Well, it seems that this is not the case. Judging from the Internet response, the bug depends on the content of the encrypted message, not on the protocol of the encryption or the encryption tools. Lessons learned so far: It is a bug in some mail user client software. It’s all about the content of the message and how it gets interpreted. Responsible disclosure

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: