3108, 2013

DeepSec 2013 Schedule published

René Pfeiffer/ August 31, 2013/ Administrivia, Conference

The pretty final schedule of DeepSec 2013 has been published. It took us some time, because we received a lot of submissions! Every speaker has confirmed. Let’s hope we don’t run into late cancellations. We hope you will get your share of entertainment and scare out of the selected content. As in the years before we will publish a blog article about every workshop and every talk in order to give you a better insight what every speaker intends to address (we started with the first one already). Abstracts are fine, context is better. We will also point out links to related fields provided that possible leaked content doesn’t destroy our publication schedule 😉 In case you haven’t booked yet, the early bird tariffs are still valid. Get your DeepSec tickets while they are

Read More

3008, 2013

DeepSec 2013 Talk: Automation in Android & iOS Application Security Review

René Pfeiffer/ August 30, 2013/ Conference, Security

Even if you do not want to follow the Bring Your Own Device (BYOD) hype you might have to deal with mobile operating systems and applications running on them. Once you have a need to deploy a system, you need to know how to review the security. Hemil Shah will explain in his talk how you can deal with this problem. Mobile application hacking and its security is becoming a major concern in today’s world – especially with BYOD and user’s jailbreaking/rooting their devices. In the last few years we have seen a range of new attack vectors and methods of exploitation for these devices. Mobile applications are vulnerable to various sets of different attacks like local storage, user data harvesting, activity spying, unauthorized event injection, UI jacking, tab jacking, traffic redirection, logical attacks,

Read More

3008, 2013

DeepINTEL Schedule Update: New Talk – “Advanced Security through Network Intelligence”

René Pfeiffer/ August 30, 2013/ Administrivia, Conference, Security Intelligence

Due to personal reasons one of our DeepINTEL speakers had to unfortunately cancel his appearance. Therefore we present a new talk held by Caroline Krohn. The title is “Advanced Security through Network Intelligence”. „Network Intelligence“ is the sum of findings extracted from people’s activities in the internet. Information related to people can be either, restricted and protected by any kind of encryption, or public and available to everybody. Nowadays, it is almost sufficient to collect data from open sources to put together a precise profile on a person of interest. Transparency does not only occur through own postings on so-called social networks, such as Facebook, Xing, LinkedIn, Twitter. Third party mentions and pictures other people post and tag, etc. also help following people’s activities outside the internet. Even the decision not to appear on

Read More

1108, 2013

DeepINTEL 2013 – New Talk: “Hackers NG” – Dealing with the Security Skills Shortage

René Pfeiffer/ August 11, 2013/ Conference, Security Intelligence

Cooling temperatures in Vienna bring new talks to DeepINTEL. We are proud to announce a talk by Colin McLean, lecturer in Computing at the University of Abertay Dundee in Scotland. He discussed the problem of finding hackers with security skills (and who probably do not possess the attributes Mr Hayden sees in his own IT staff). The abstract reads as follows: There is a cyber security skills shortage and it’s becoming a world-wide concern with many stakeholders warning of impending doom. Browsing the Internet shows that this concern is not only expressed from the USA, and the UK, but all over the world. Mark Weatherford of the US Department of Homeland Security has stated “The lack of people with cyber security skills requires urgent attention. The DoHS can’t find enough people to hire.”. The

Read More

0508, 2013

DeepINTEL 2013 – New Talk „Mutually Assured Pwnage“

René Pfeiffer/ August 5, 2013/ Conference, Security Intelligence

We have added a new talk to the DeepINTEL 2013 schedule. Karin Kosina will talk about „Mutually Assured Pwnage“ and critically explore what Cold War analogies can and cannot teach us about war in the 5th domain. “Cyberwar” has become a thing (never mind that no-one seems to really know what that thing really is). Along with the militarisation of cyberspace – or “the fifth domain of warfare” – there has been a flurry of attempts to draw analogies to other models of conflict. While this is understandable to a certain extent – What worked in the past may work again in the future, right? And let’s not be so cynical here to speak about hammers and things that look like nails… –, it has in many cases only added to the confusion around an already confused

Read More

1907, 2013

Reminder: DeepSec – the Book: Call for Papers

Sanna/ July 19, 2013/ Administrivia, Call for Papers

Dear DeepSec speakers, this reminder goes out to you! We will publish a book about past and present DeepSec topics – To make this book a bummer we need your help! The book will be a summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated to you? If

Read More

1707, 2013

Musings about PRISM and the Like, or an Appeal to Reasoning

Mika/ July 17, 2013/ Discussion, Mission Statement, Security Intelligence

Spying and Distrust are not new, Full Stop. We are old enough to have witnessed many large spying programs in “real time”, starting in the 90ies and continuing until now. Everybody spies on everybody else, everybody tries to use every resource available to gain any kind of intelligence useful for the very own benefit. Alliances, treaties and promises (or vows if you take it more seriously) only have secondary value when it’s about the own advantage. This is true for most aspects of our life, be it private, business or international political affairs. Spouses (sometimes) distrust each other. Business partners (sometimes) negotiate with most detailed contracts to leave as little room as possible to deviate from the expectations, trusting in legal frameworks, lawyers and neutral judges to enforce the expectations. In international affairs (sometimes)

Read More

1607, 2013

DeepINTEL 2013 – Preliminary Schedule

René Pfeiffer/ July 16, 2013/ Conference, Schedule, Security Intelligence

The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers name), that we are allowed to publish publicly: Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin) Nowadays cloud vendors provide a solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors.

Read More

0507, 2013

„Cyber Cyber Cyber“ revisited – Information Warfare

René Pfeiffer/ July 5, 2013/ Discussion, Security

So far we haven’t commented on the ongoing season of the Game of Spooks miniseries. We wait for the break after the last episode – provided there is one. However we have written about information warfare and espionage in this blog. Enter secrets. During DeepSec 2012 the concept of „cyber war“ was heavily explored. Eventually it led to the phrase „cyber cyber cyber“ due to the sheer popularity of this very word. „Cyber“ and „war“ hide the fact that information is the prime good that is being accessed or copied and put to a fresh use¹. Take a look at the published articles in the past weeks to see misplaced information at work. A couple of misplaced presentation slides can cause more uproar than a data leak of  medical records of a nation –

Read More

0407, 2013

Products, Vendors, Security, and Bias

René Pfeiffer/ July 4, 2013/ Discussion, Mission Statement, Security

The DeepSec conference is meant to be a neutral event where security related topics can be discussed without bias. Periodically we have discussions with companies about this issue. Our web site states that DeepSec is a non-product, non-vendor-biased conference event. In short this simply means that the topics discussed at DeepSec are all about facts not ads. We are looking for honest talks about security: If something breaks, tell us about it. If you can repair it, tell us about it. If you discovered something, tell us about it. That’s our goal. The DeepSec conference is not a trade fair – but it’s a place to mention what you have researched or what you have created. We are all about information security and want everyone to talk about it. We invite everyone to share results of

Read More

2506, 2013

DeepSec Proceedings: The Book – Call for Papers Reminder

Sanna/ June 25, 2013/ Administrivia

Dear DeepSec speakers this goes out to you: It’s our pleasure to inform you that we will publish a book as proceedings about past and present DeepSec topics. A summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated

Read More

2506, 2013

Timeless elegance: DeepSec T-Shirts 2011

Sanna/ June 25, 2013/ Administrivia, High Entropy

Somewhere it’s still 2011. In another dimension it’s probably always Monday. ANYWAY — for those of you who want to wear a garment of timeless elegance we have the very T-Shirt: DeepSec T-Shirt 2011 proudly presented by our favourite model, Mme Cyberduck.     Wow, look at this imprint   – neat, isn’t it? T- Shirt can be ordered either via e-mail Price: 25€ (VAT excluded) + shipping costs Payment: Prepay, either via Paypal or Credit Card or you can get them at our next conference, DeepSec 2013. C u!  

2206, 2013

CfP for DeepSec 2013 is still open! Send us (your?) security nightmares!

René Pfeiffer/ June 22, 2013/ Administrivia, Conference

Hello to all you late birds! The Call for Papers for DeepSec 2013 is still open! We are eagerly waiting for your workshops and talks! Don’t tell us that the world has become a safe place and there’s nothing out there that can’t be broken or is broken by design – We won’t believe you. In case you have forgotten, the motto for DeepSec 2013 is „Secrets, Failures, and Visions!“. We came up with this idea in December 2012, long before the headlines of this month. Everyone has secrets to protect. Failures are more common than you might think. Visions is what we need in the future to tackle the problems of today. All of these concepts touch the topics usually discussed at (IT) security conferences. It doesn’t matter if you have to deal

Read More

0906, 2013

Protect your Metadata

René Pfeiffer/ June 9, 2013/ Discussion

In the light of the recent news about the collection of call detail records (CDR) the term metadata has come up. Unfortunately the words cyber, virtual, and meta are used quite often – even as a disguise  to hide information when not being used in a technical context. We have heard about all things cyber at the last DeepSec conference. The word virtual is your steady companion when it comes to All Things Cloud™. Now we have a case for meta. Actually metadata is what forensic experts look for – a lot. Metadata usually lives in transaction logs or is part of a data collection. It describes the data it accompanies. Frequently you cannot make sense out of or use the data without the corresponding metadata. A well-stocked library seems like a labyrinth if

Read More

0606, 2013

How to defend against “Cyber” Espionage

René Pfeiffer/ June 6, 2013/ Discussion, Security

When it comes to defence and protection, don’t forget how your organisation treats data. The mindset plays an important role. This can be illustrated by a simple correlation. Organizations which take the protection of data privacy seriously have an edge when it comes to implementing IT security measures. We talked about this relation in an interview with ORF journalist Erich Moechel (article is in German, Google translation). The findings are not surprising. Auditors and penetration testers can tell if your IT staff takes the role of protecting digital assets seriously. The correlation is easily explained : Once you establish data protection guidelines, you also create a motivation to implement defensive procedures and measures against intrusion. Directly linking operational aspects to a reason makes sure that everyone understands why defence is important. Bear in mind

Read More