Focusing on the Insecurity of Things and infrastructure Vienna (pts014 / 21.08.2018 / 09:25) – This year’s DeepSec In-Depth Security Conference will focus on the topic of Insecurity of Things (IoT) and components of everyday infrastructure. The ever-advancing networking opens up completely new ways for attackers – faster than developers and manufacturers can fix bugs. Instead of using secure design for products and code, machine learning and artificial intelligence are integrated – unfortunately, implemented using convenient statistics and the algorithm of the week from the daily menu of the development kit. The presentations at the DeepSec conference will therefore put the alleged technologies of the future to the test. Mobile networks, the Internet of Things, collaboration platforms in the cloud, customer relationship management systems and the human factor are in the cross-hairs. Smart is
The preliminary schedule for DeepSec 2018 has been published. It took us some time to select and review all submissions. We cracked the 100 submissions mark, thus we are pleased that you made it very difficult for us this year. The number of slots for presentations and workshops has been constant. The number of content being submitted is steadily growing. So we hope we did a good job and that you find a pleasant mixture of topics (as pleasant as information security can get). All speakers have been informed. There may be some changes to the schedule which we will announce on our blog. The abstracts of every presentation and workshop will be discussed in-depth here on the blog as well. We have asked the trainers and speakers some questions. As soon as we
The DeepINTEL 2018 has been moved in time, not in space. DeepINTEL 2018 will take place on 28 November 2018. The day is the second day of trainings at DeepSec. DeepINTEL will be in parallel, and it will be for one day instead of the original two days. We had to moved because of organisational constraints. By moving DeepINTEL we hope to create a better placement for the security intelligence platform. In addition the DeepINTEL Call for Papers is easier, allowing trainers and speakers at DeepSec to contribute to the aspect of DeepINTEL with specific content. In case you have some content for us: he focus for 2018 are stealthy and persistent attacks. This is the classic espionage attack vector, only with modern means. Ubiquitous networking, complex trust-relationships, and the increased flow of information
We are doing a little relocation of computing infrastructure today. Between 2000 and 2200 CEST we will shift the computing node to a new location. Most content is still being delivered by the reverse proxy, but you may encounter errors for the call for papers manager. For those of you who got a 5xx HTTP status code when submitting a workshop or a talk, we hope that the new infrastructure will solve this problem.
ROOTS 2018 The second Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017 opens its call for papers. ROOTS is the first European symposium of its kind. ROOTS aims to provide an industry-friendly academic platform to discuss trends in exploitation, reversing, offensive techniques, and effective protections. Submissions should provide novel attack forms, describe novel reversing techniques or effective deployable defences. Submissions can also provide a comprehensive overview of the state-of-the-art, and pinpoint promising areas that have not received appropriate attention in the past. To facilitate interaction with industry, the ROOTS ticket will be valid for all DeepSec conference tracks on both days, including the industry tracks, and the DeepSec conference tickets for the industry track will be valid for ROOTS. The usual rules for academic discounts apply. Please contact the DeepSec staff or our sponsors for
We are proud to support the Rookie Track at BSidesLondon in 2018 again. This means that one of us will be present at the Rookie Track and that the winner will get to attend DeepSec in November. It’s hard to get a start, so we like to help the rookies with that. We also like to encourage everyone to share ideas, thoughts, code, and insights either at the Rookie Track or on the main stage. If you have never presented before, get a mentor and work on your presentation. Don’t be afraid. We like to hear your thoughts on infosec and related topics. The same is true for our U21 presentation slot. We encourage young researchers to submit a presentation to DeepSec. We also offer mentoring and help you to get your content on
While everyone was busy with the holidays, Meltdown and Spectre, we did some updates behind the scenes. DeepSec 2018 will be held from 27 to 30 November 2018. We tried not to collide with Thanksgiving, so that you can come to Vienna after being with your family. As always, the first two days will be the trainings followed by two days of conference. DeepINTEL 2018 will be on 17 / 18 September 2018. We have a topical focus for both events and will present each of them in a separate article. There still some details to work out. Wordsmithing and administrivia are the equivalence of dependencies and patches in software development – necessary, but they take time. It’s worth it, you will see for yourself. We have a special message for anyone who intends
We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is a documentary covering terrorism, counter-terrorism, surveillance, business, and politics. So it’s basically information security in a nutshell. Right after the closing of DeepSec you can enjoy The Maze – with popcorn and hopefully everyone who is attending DeepSec. We have seen the documentary before, and we highly recommend it! The Maze from Friedrich Moser on Vimeo.
As you might have noticed, the DeepSec schedule is not complete yet. Furthermore the ROOTS schedule is not published at all. The reason for this are the still pending reviews. The major part concerns ROOTS. ROOTS is an academic workshop where academic publications are presented. There has been some confusion about the term workshop. In the context of ROOTS this means presentations. This is why we have replaced the word workshops on the DeepSec web site and in (hopefully) all texts with the word training. Trainings are the two-day, well, trainings in advance of the DeepSec conference days. ROOTS features presentations, also called workshops in ROOTS-context, as does the DeepSec conference (on the conference days). So we have trainings (the two-day training courses; one, the ARM exploit laboratory is for three days, be careful)
We have received some question on how to attend the presentations of the 1st Reversing and Offensive-oriented Trends Symposium (ROOTS) 2017. It’s very easy. ROOTS is co-hosted with DeepSec 2017. This means if you attend DeepSec, you also attend ROOTS. In turn attending ROOTS gives you also access to the DeepSec conference. So you only need one ticket to access both events. Bear in mind that our sponsors can give you discount codes for buying tickets. In addition we have a special programme for academics to give you the academic discount for the tickets. Don’t forget: Buying early means saving money! The early bird tariff is still valid until 25 September 2017. After that the ticket price increases. Do us and yourself a favour and book as early as possible. Thank you! See you
After two weeks of intense reviewing we have published the preliminary schedule for DeepSec 2017. There are some blanks to fill, but this will be done in the coming weeks. We still have to do some reviews and wait for the speaker’s confirmation. In case you noticed, the ROOTS track is not filled yet. The call for papers was extended to 26 August. This means the ROOTS schedule will be published at the end of September. We have to give the programme committee ample time to review all submissions. So if you want to present your research at ROOTS 2017, please ready your submission. Science first!
We have updated the schedule for DeepINTEL 2017. The human mind and power grids are both critical infrastructure. Both can be manipulated and switched off, arguably. And most of us use both every day. So this is why we added two more presentations to the schedule. Stefan Schumacher of the Magdeburg Institute for Security Research talks about Manipulating Human Memory for Fun and Profit. Since memory is crucial for forensics, you should spent some thoughts on this matter. Your brain doesn’t cope well with cryptographically signed timestamps or hashes. Since you need to understand all aspects of the environment, the human psychology is part of every „cyber“ strategy – before and after incidents. Mathias Dalheimer’s presentation is titled The Power Grid is vulnerable – and it’s really hard to fix this. Anyone familiar with physics
Unfortunately, you can not rely on antivirus programs when it comes to the security of your own business. Antivirus programs do not read newspapers, they do not attend lectures, they don’t protect you from social engineering or know the meaning of Facebook friends or Twitter tweets. False friends, indeed. The continuous monitoring and evaluation of threats is the next step in information security. This aspect has always been an important part of digital defense. Today’s discussion often centers around the term Security Intelligence, which unites different approaches. The DeepINTEL is Austria’s first event, which, since 2012, has been taking up this topic – in all its facets, because modern information security is interdisciplinary. Lectures by experts from various fields of science, defence and industry: At DeepINTEL you have the opportunity to strategically rethink your
Quantum computing is a fashionable term these days. Some IT news articles are talking about post-quantum cryptography, qbits, and more quantum stuff. If you don’t know how the terms relate to each other, what entangled states in quantum physics are, and what everything has to do with computing, then you will have a hard time figuring out what it means for you and your infrastructure. The relationship to cryptography is yet another matter best explored after you know the basics. Using quantum effects in computing and cryptography is already done. The best example are some hardware random generators which use properties of, well, the hardware to harvest entropy. And then there is quantum key distribution (QKD). It is a method to ensure secure communication between two or more nodes. Vienna even had a working
Testing products, production code, security measures, or the overall security of infrastructure is hard work. The typical needs in term of information technology for a company or an organisation has become a variety of components that need to be maintained and hardened against attacks. The devil is in the details. In order to find critical weaknesses you need decades of experience, a thorough understanding of the technologies in use, in-depth knowledge of processes that touch information technology, and a decent portion of creativity to come up with ways around obstacles. SEC Consult, our long-time sponsor, has all of this – and more. They publish their findings and offer consulting for anyone needing extra security. Take a look at the House of Keys project, the IoT Inspector, or gaping holes in digital forensics software that