0507, 2013

„Cyber Cyber Cyber“ revisited – Information Warfare

René Pfeiffer/ July 5, 2013/ Discussion, Security

So far we haven’t commented on the ongoing season of the Game of Spooks miniseries. We wait for the break after the last episode – provided there is one. However we have written about information warfare and espionage in this blog. Enter secrets. During DeepSec 2012 the concept of „cyber war“ was heavily explored. Eventually it led to the phrase „cyber cyber cyber“ due to the sheer popularity of this very word. „Cyber“ and „war“ hide the fact that information is the prime good that is being accessed or copied and put to a fresh use¹. Take a look at the published articles in the past weeks to see misplaced information at work. A couple of misplaced presentation slides can cause more uproar than a data leak of  medical records of a nation –

Read More

0407, 2013

Products, Vendors, Security, and Bias

René Pfeiffer/ July 4, 2013/ Discussion, Mission Statement, Security

The DeepSec conference is meant to be a neutral event where security related topics can be discussed without bias. Periodically we have discussions with companies about this issue. Our web site states that DeepSec is a non-product, non-vendor-biased conference event. In short this simply means that the topics discussed at DeepSec are all about facts not ads. We are looking for honest talks about security: If something breaks, tell us about it. If you can repair it, tell us about it. If you discovered something, tell us about it. That’s our goal. The DeepSec conference is not a trade fair – but it’s a place to mention what you have researched or what you have created. We are all about information security and want everyone to talk about it. We invite everyone to share results of

Read More

2506, 2013

DeepSec Proceedings: The Book – Call for Papers Reminder

Sanna/ June 25, 2013/ Administrivia

Dear DeepSec speakers this goes out to you: It’s our pleasure to inform you that we will publish a book as proceedings about past and present DeepSec topics. A summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated

Read More

2506, 2013

Timeless elegance: DeepSec T-Shirts 2011

Sanna/ June 25, 2013/ Administrivia, High Entropy

Somewhere it’s still 2011. In another dimension it’s probably always Monday. ANYWAY — for those of you who want to wear a garment of timeless elegance we have the very T-Shirt: DeepSec T-Shirt 2011 proudly presented by our favourite model, Mme Cyberduck.     Wow, look at this imprint   – neat, isn’t it? T- Shirt can be ordered either via e-mail Price: 25€ (VAT excluded) + shipping costs Payment: Prepay, either via Paypal or Credit Card or you can get them at our next conference, DeepSec 2013. C u!  

2206, 2013

CfP for DeepSec 2013 is still open! Send us (your?) security nightmares!

René Pfeiffer/ June 22, 2013/ Administrivia, Conference

Hello to all you late birds! The Call for Papers for DeepSec 2013 is still open! We are eagerly waiting for your workshops and talks! Don’t tell us that the world has become a safe place and there’s nothing out there that can’t be broken or is broken by design – We won’t believe you. In case you have forgotten, the motto for DeepSec 2013 is „Secrets, Failures, and Visions!“. We came up with this idea in December 2012, long before the headlines of this month. Everyone has secrets to protect. Failures are more common than you might think. Visions is what we need in the future to tackle the problems of today. All of these concepts touch the topics usually discussed at (IT) security conferences. It doesn’t matter if you have to deal

Read More

0906, 2013

Protect your Metadata

René Pfeiffer/ June 9, 2013/ Discussion

In the light of the recent news about the collection of call detail records (CDR) the term metadata has come up. Unfortunately the words cyber, virtual, and meta are used quite often – even as a disguise  to hide information when not being used in a technical context. We have heard about all things cyber at the last DeepSec conference. The word virtual is your steady companion when it comes to All Things Cloud™. Now we have a case for meta. Actually metadata is what forensic experts look for – a lot. Metadata usually lives in transaction logs or is part of a data collection. It describes the data it accompanies. Frequently you cannot make sense out of or use the data without the corresponding metadata. A well-stocked library seems like a labyrinth if

Read More

0606, 2013

How to defend against “Cyber” Espionage

René Pfeiffer/ June 6, 2013/ Discussion, Security

When it comes to defence and protection, don’t forget how your organisation treats data. The mindset plays an important role. This can be illustrated by a simple correlation. Organizations which take the protection of data privacy seriously have an edge when it comes to implementing IT security measures. We talked about this relation in an interview with ORF journalist Erich Moechel (article is in German, Google translation). The findings are not surprising. Auditors and penetration testers can tell if your IT staff takes the role of protecting digital assets seriously. The correlation is easily explained : Once you establish data protection guidelines, you also create a motivation to implement defensive procedures and measures against intrusion. Directly linking operational aspects to a reason makes sure that everyone understands why defence is important. Bear in mind

Read More

0506, 2013

Podcast Finux Tech Weekly #25 with DeepSec CfP and U21

René Pfeiffer/ June 5, 2013/ Administrivia, Mission Statement

MiKa and me have been chatting with Finux for his latest recording of the Finux Tech Weekly #25 (mp3/ogg download). We talked about the next DeepSec conference and our special U21 initiative for young security researchers. We like to support young researchers (under the age of 21, hence U21) and enable them to present their works and results in an appropriate manner. Listen to the podcast to hear about our motivations! Oh, and don’t forget, the Call for Papers for DeepSec 2013 is still running! Send us your submissions! We’re looking forward to it 🙂

2205, 2013

We proudly present our 2012 DeepSec T-Shirts

Sanna/ May 22, 2013/ Administrivia

Finally! Our 2012 Deep Sec T’s have arrived – Yes, and they rock!     If you want a T-Shirt please write an e-mail to deepsec@deepsec.net including your size and your postal address so we can send it to you! Sizes available: M, L, XL Price: 25€ (VAT excluded) + shipping costs Payment: Prepay, either via Paypal or bank transfer If you have a VAT number please let us know, and we will include it in your invoice. Invoice will be sent with the T-Shirt. P.S.: There will be a 2011 T-Shirt Edition too –  We’ll keep you posted 🙂 Your DeepSec Crew.

1405, 2013

Call for Articles – DeepSec Proceedings

René Pfeiffer/ May 14, 2013/ Administrivia, Security

While our Call for Papers for DeepSec 2013 and DeepINTEL is still open, we have a Call for Articles for all our past speakers ready. It’s our pleasure to inform you that we will publish a book with proceedings about past and present DeepSec topics. It will be a summary, a factual overview on what’s been going on at our annual event, from 2007 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about?

Read More

2904, 2013

Support your local CryptoParty

René Pfeiffer/ April 29, 2013/ Communication, Discussion, Training

Since September 2012 there are CryptoParty events all over the world. The idea is to bring a group together and have each other teach the basics of cryptography and how to use the various tools that enable you to encrypt and protect information. Of course, encryption by itself cannot guarantee security, but it’s a part of the equation. Since cryptography is hard, most tools using it require a certain amount of knowledge to understand what’s going on and how to properly use them. The CryptoParty helps – in theory and most often in practice, too. If a CryptoParty is near you and you have some knowledge to spare, please take part and share what you know with others. DeepSec supports the local CryptoParty events in Austria, too. Finding a CryptoParty can be easily done

Read More

1204, 2013

BSidesLondon and the Rookie Track

René Pfeiffer/ April 12, 2013/ Conference, Discussion

DeepSec is actively supporting the BSidesLondon conference this month. We are joining the panel of mentors of the rookie track, and we’re looking forward to see a lot of interesting talks. In March we talked about our motivation to support the rookie track idea with Finux on the Rookie Track Podcast. DeepSec has been supporting young security researchers for years. Some of them were given an opportunity to speak at past DeepSec conferences in order to present their work. We think that this is a good idea, and here is why: Speaking publicly in front of an audience can be hard. It is even harder if you have never done this before. It gets a lot harder if you talk about IT security, because there’s a chance you found something that probably broke, is

Read More

1104, 2013

DeepSec 2013 “Seven Seas” – Call for Papers! Submit! Now!

René Pfeiffer/ April 11, 2013/ Administrivia

DeepSec 2013 “Seven Seas” – Call for Papers Dear Researchers, Hackers, Developers, dear Members of the IT-Security Community: This is our call for papers for DeepSec 2013, the seventh DeepSec In-Depth Security Conference. Our annual event will take place from November 19th to 22th at the Imperial Riding School Renaissance Hotel in Vienna. It consists of two days of workshops followed by a two day long conference. Our speakers and trainers traditionally come from the security community, companies, hacker spaces, journalism and academic organisations, talking about different topics and aspects of IT-Security: current threats and vulnerabilities, social engineering and psychological aspects as well as security management and philosophy. Content For DeepSec 2013 we’re not looking for talks about the latest trending technologies, gadgets and behaviours, no, DeepSec 2013 is all about secrets, failures and

Read More

0104, 2013

Accounts receivable and payable

Mika/ April 1, 2013/ Administrivia, Legal

From now on all incoming and outgoing payments for DeepSec and DeepINTEL tickets, sponsor packages, speaker travel reimbursements, hotel, accommodation, catering, support for the community etc. will only be accepted resp. paid in Bitcoins. As we do not trust electronic money transfers (hey, guys – we conduct a security conference!) the following rules will apply: Tickets will only be sold only on-site. We will accept Bitcoins only in cash. Please have the exact amount available as we cannot give change. Bitcoins for speaker travel reimbursements will be sent to the speaker’s home address with registered mail in a neutral envelope. Payments for hotel, accommodation, sponsor packages and other goods and services will be transferred in a inconspicuous suitcase by a courier wearing dark sunglasses. We made this decision because every year we have to

Read More

2403, 2013

The Risk of faulty Metrics and Statistics

René Pfeiffer/ March 24, 2013/ Discussion, Security

It’s never a bad idea to see what the outside world looks like. If you intend to go for a walk, you will probably consult the weather report in advance. If you plan to invest money (either for fun or for savings), you will most certainly gather information about the risks involved. There are a lot of reports out there about the IT security landscape, too. While there is nothing wrong with reading reports, you must know what you read, how the data was procured and how it was processed. Not everything that talks percentages or numbers has anything to do with statistics. Let’s talk about metrics by using an example. Imagine an Internet service provider introduced a „real-time map of Cyber attacks“. The map would show attacks to their „honeypot“ systems at 90

Read More