Press Release: A 40-year Step Backwards for Secure Communication

Sanna/ March 2, 2023/ Press

The UK government’s Online Safety Bill wants to set the state of the art for secure communication back 40 years. The proposal includes compulsory backdoors for communication platforms and will lead modern encryption technologies into complete futility. If implemented, the secure messenger Signal will withdraw from the British market. The law is a serious threat to businesses and represents an unprotected gateway for espionage.

“Crypto Wars” – the fight against security

Secure communication has been under constant legal attack since it became widespread. The secure exchange of messages is perceived as a threat because, technically, no monitoring of correspondence can be implemented. The encryption software Pretty Good Privacy (PGP) was created in 1991 by Phil Zimmermann. After the code was published on the internet and spread internationally in the following years, Zimmermann became the target


Press Release: IT World in AI Mania

Sanna/ February 16, 2023/ Development, Legal, Press, Security

Artificial intelligence (AI) is on everyone’s lips, but its results fall short of all expectations. Wouldn’t it be nice if computers could effortlessly give meaningful results to all kinds of questions from all kinds of unstructured data collections? Periodically, algorithms that do incredible things are celebrated in information technology. At the moment, it is the turn of artificial intelligence algorithms. Search engines are retrofitting AI. But the supposed product is far from real cognitive performance. Many open questions remain.

History of Algorithms

The first experts to work with algorithms to emulate human thought processes came from the fields of mathematics and philosophy. They wanted to formalise analytical thinking from the subfield of logic and describe it in models. In the 1950s, the algorithms were implemented on the computers that were emerging at the time.


Call for Papers Preparations, Social Media, and other Updates

René Pfeiffer/ February 9, 2023/ Administrivia, Communication, DeepIntel

Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).


DeepSec News Channels and Twitter Third Party Apps

René Pfeiffer/ January 20, 2023/ Conference

A couple of days ago the Talon app we use for reading and writing on Twitter stopped working. Code that stops working or APIs that turn into bouncers at the nightclub is normal operation in some fields of IT. As for Twitter, it has turned into a personal playground of one person. The platform has nothing to do with the microblogging service it once was. Decisions are made randomly or with a questionable agenda. It’s time to leave. And no, we are not going to Mars like Ryba Zhfx promised the public over ten years ago. You can find links to our articles on our Mastodon account. We have this blog, and we have our mailing lists. We will try to turn our Twitter postings into an archive and publish it on our servers


Translated Article: Russia’s Satellite Spy Station in Vienna with Technology from NATO Suppliers.

Sanna/ December 21, 2022/ Communication, Stories

Russlands Sat-Spionagestation in Wien mit Technik von NATO-Lieferanten by Erich Moechel for fm4.ORF.at [Nobody can hide from geopolitics, neither hackers, nor governments, nor even satellite antennas. Erich is a passionate ham radio operator and investigative journalist. He inspected OSINT sources and wrote a summary about an installation in Vienna run by the Russian Federation. If you are interested in wireless technology, then this article is for you.] All components of the four large dishes come either from the Canadian company Norsat or from Swedish Microwave (SMW). Norsat is a contracting company of NATO and the Pentagon, SMW likewise primarily supplies the military. An analysis of high-resolution photos of the antennas on the roof of Russia’s UN embassy in Vienna’s 22nd district has revealed something astonishing. Most of the receiver modules of the most powerful antennas come


Translated Article: US ‘Chat Control’ Now with Exception for E2E Encryption

Sanna/ December 20, 2022/ Stories

US-„Chatkontrolle“ nun mit Ausnahme für E2E-Verschlüsselung by Erich Moechel for fm4.ORF.at [This is the second summary article describing the concerted attack on IT security around the globe. Erich has researched the current state of affairs. It is of interest that the US lawmakers have understood the importance of end-to-end encryption, while their UK and EU counterparts have not.] The US regulation on child protection provides for a right of refusal in search warrants for E2E providers, as they do not have access to the requested data. The regulations planned in the EU and UK, on the other hand, require WhatsApp and others to install backdoors. In the British House of Commons, the surveillance bill “Online Safety Bill” is getting out of hand. After incorporating the amendments from the beginning of the week, the British “chat control” with


Translated Article: Regulation on “Chat Control” Launched in EU Parliament

Sanna/ December 19, 2022/ Security, Stories

Verordnung zur „Chat-Kontrolle“ im EU-Parlament gestartet by Erich Moechel for fm4.ORF.at [We have translated the article from Erich’s column, because end-to-end encryption is a fundamental part of IT security. Erich has researched a lot regarding the concerted attack on secure communication. He provides important background information to understand why the attack on encryption is presented in different countries at the same time.] At the same time as the EU regulation, the British “Online Safety Bill” and a US law on the safety of children online are on their way through the parliaments. A comparison shows astonishing parallels in terms of content and method. On Wednesday, work on the regulation on warrantless searches of social network users’ smartphones and PCs started in the EU Parliament’s Civil Liberties Committee (LIBE). In this first meeting, the timetable for this


Late thank you for attending and speaking at DeepSec / DeepINTEL 2022

René Pfeiffer/ December 17, 2022/ Administrivia, Conference

Usually we are under high load after the conference because of the administrative tasks. 2022 was no exception, but the change of location still requires some attention. So this is a much delayed thank you for attending our events and speaking at DeepSec and DeepINTEL 2022! It was great to meet all of you in person. We also enjoyed talking about experiences with IT security, exchanging insights, sharing stories, and gathering inspiration for the next year. While virtual meetings can save time and help a lot, some things are best discussed face to face. The videos are nearly fully post-processed. We will inform our attendees and speakers first. In January 2023, you can enjoy the videos on our Vimeo account. The slides of the presentations can be downloaded from our DeepSec 2022 slide collection.


DeepINTEL Report: The view from Vienna: OPSEC, Iran’s cyberpower, and tech decoupling

René Pfeiffer/ November 30, 2022/ DeepIntel, Security Intelligence

We are a bit late with the summaries from our event. Let’s start with some public information from DeepINTEL 2022. The conference is a closed event where security experts can openly discuss updates on threats, capabilities of potential adversaries, and all kinds of intelligence information related to information security. Steph Shample, an expert from the Middle East Institute (MEI), gave an update on Iran’s capabilities in past and present APT, cybercrime, ransomware, and cryptocurrency. The connections of Iran with China and Russia were discussed, too. Given the invasion of Ukraine, Russia is trying to get support for its digital operations. Mohammed Soliman, also from the Middle East Institute, presented his research on the technology containment strategy by the US administration. The stance regarding 5G serves as a blueprint. It is important to emphasise that


DeepSec 2022 has started – two Days of Presentation about Information Security

René Pfeiffer/ November 17, 2022/ Conference, Security

The DeepSec Conference 2022 has started. We will be busy handling the presentation tracks, the TraceLabs OSINT CTF event, and the ROOTS track. We covered most of the presentations in brief interviews on this blog. There is more to come after the conference has ended. The live streams from the conference are available to registered attendees. The recordings will be published on our video platform after post-processing. Updates from the event will be posted to our Twitter and Mastodon accounts. In case you want to be part of the conversation, please use the #DeepSec hashtag.

DeepINTEL 2022 has started – Conference on Security Intelligence

René Pfeiffer/ November 16, 2022/ Conference, DeepIntel

We often abuse the term big picture as an analogy for a better perspective on things. With security intelligence, this is true. The DeepINTEL conference covers the strategic aspects of IT security, analyses the capabilities of potential (and actual) adversaries, and helps to bridge the gap between individual experiences of security researchers and targets. DeepINTEL 2022 has started. Topic-wise, advanced persistent threats, the current geopolitical situation, psychological warfare with digital means, and techniques of malicious software in attacks are the primary focus. Selected aspects will be published in articles on this blog after the conference, because DeepINTEL is a TLP:AMBER event.

Reminder for virtual Training: Exploiting Race Conditions

René Pfeiffer/ November 15, 2022/ Security, Training

A race condition attack is one of the most dangerous and underestimated attacks on modern web applications. It’s related to concurrency and multi-threading. Because of this attack, an attacker who has $1000 in his bank account can transfer more than $1000 from his bank account. This is just one example, but it clearly shows how dangerous this attack is. In a free video, Dawid Czagan (DeepSec instructor) will show you step by step how this attack works and will tell you how to prevent this attack from happening. Watch this free video and get a taste of Dawid Czagan’s live online training “Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation”. Because of our hybrid configuration of DeepSec for trainings and the conference, the Mastering Web Attacks with Full-Stack Exploitation


DeepSec 2022 Trainings have started

René Pfeiffer/ November 15, 2022/ Security, Training

The DeepSec trainings have started. Today is the first day. The topics cover attacking modern desktop applications, network threat hunting, incident response, creating malicious office documents for offensive tests, and secure code review. The spectrum covers a lot of content, and it will be very helpful for defending the information security landscape. One of our trainings can still be booked. The workshop titled “Web Hacking Expert: Full-Stack Exploitation Mastery” by Dawid Czagan has been postponed to 28/29 November 2022. It will be an online training. You can take part virtually. Bookings are still possible via our ticket shop.

DeepSec 2022 Talk: Industrial-Security vs. IT-Security – What Can We Learn From Each Other? – Michael Walser

Sanna/ November 11, 2022/ Conference

In the age of digitalisation, classic IT and industry are moving ever closer together. Devices are being networked and more and more smart devices are flooding the production hall. However, IT security is often disregarded in the process. Every device in the network can be compromised and requires an adapted strategy. Experience from 30 years of IT security gives the industry an orientation – but does not solve its problems. The challenges are often completely different, and the situation often requires completely different approaches. We try an approach and show experiences from the work with our customers and partners and give food for thought on what an IT security strategy for industry can look like and what both worlds can learn from each other. We asked Michael Walser a few more questions about his


DeepSec 2022 Talk: Cyber Maturity Doesn’t Just Happen. True Tales Of A Cyber Maturity Concept – Uğur Can Atasoy

Sanna/ November 10, 2022/ Conference

Having a proper(!) security posture is more challenging than ever. Implementing the bare necessities for usability and security is scalable (literally), but the reality is always full of surprises. Dozens of assets, services, tools, requirements, workforce, risks and threats. How to keep the balance between usability, security and reputation while being honest with yourself? Many enterprises suffer from “keywords” and “trends” and have to pretend to be “proactive” by implementing the “latest” trends and approaches instead of solving the problems on “bits” that need “change”. When you look at enterprise-level security incidents, you can quickly notice that they have the latest tools, technologies and services, implemented the “Zero Trust Security” model, achieved base standards and compliance requirements, and hired the experts. Literally, they are prepared for almost all possible risks and threats, but they
