Dear DeepSec speakers this goes out to you: It’s our pleasure to inform you that we will publish a book as proceedings about past and present DeepSec topics. A summary, a factual overview on what’s been going on at our annual event, from 2008 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about? Have there been some new developments? Is your talk still up to date or does it seem kind of antiquated
Hello to all you late birds! The Call for Papers for DeepSec 2013 is still open! We are eagerly waiting for your workshops and talks! Don’t tell us that the world has become a safe place and there’s nothing out there that can’t be broken or is broken by design – We won’t believe you. In case you have forgotten, the motto for DeepSec 2013 is „Secrets, Failures, and Visions!“. We came up with this idea in December 2012, long before the headlines of this month. Everyone has secrets to protect. Failures are more common than you might think. Visions is what we need in the future to tackle the problems of today. All of these concepts touch the topics usually discussed at (IT) security conferences. It doesn’t matter if you have to deal
MiKa and me have been chatting with Finux for his latest recording of the Finux Tech Weekly #25 (mp3/ogg download). We talked about the next DeepSec conference and our special U21 initiative for young security researchers. We like to support young researchers (under the age of 21, hence U21) and enable them to present their works and results in an appropriate manner. Listen to the podcast to hear about our motivations! Oh, and don’t forget, the Call for Papers for DeepSec 2013 is still running! Send us your submissions! We’re looking forward to it 🙂
While our Call for Papers for DeepSec 2013 and DeepINTEL is still open, we have a Call for Articles for all our past speakers ready. It’s our pleasure to inform you that we will publish a book with proceedings about past and present DeepSec topics. It will be a summary, a factual overview on what’s been going on at our annual event, from 2007 – 2012, a collection of the most compelling talks and captivating topics we’ve featured at our conference so far. To make this book a bummer we need your help. We want you to send us the abstracts of the talk you held at DeepSec – and we ask you to open up your topic once again. What’s been going on in the very special field you held your talk about?
DeepSec 2013 “Seven Seas” – Call for Papers Dear Researchers, Hackers, Developers, dear Members of the IT-Security Community: This is our call for papers for DeepSec 2013, the seventh DeepSec In-Depth Security Conference. Our annual event will take place from November 19th to 22th at the Imperial Riding School Renaissance Hotel in Vienna. It consists of two days of workshops followed by a two day long conference. Our speakers and trainers traditionally come from the security community, companies, hacker spaces, journalism and academic organisations, talking about different topics and aspects of IT-Security: current threats and vulnerabilities, social engineering and psychological aspects as well as security management and philosophy. Content For DeepSec 2013 we’re not looking for talks about the latest trending technologies, gadgets and behaviours, no, DeepSec 2013 is all about secrets, failures and
DeepSec 2013 – Secrets, Failures & Visions – Call for Papers We are preparing the call for papers for DeepSec 2013, and we are trying to shift your mindset. We could easily come up with a list of trending technologies, gadgets and behaviours that will have an impact on information security. Instead we are looking for presentations and workshops dealing with secrets, failures and visions. This gives us another perspective and hopefully more to think about. Secrets Every person, every group, every enterprise and every government has them. Secrets are the very reason why information security uses encryption, access control, even doors and locks (physical and otherwise). You wouldn’t need all of this if it weren’t for safeguarding the secrets. Failures Sometimes things go wrong. Often not only by malicious action, but also by
This is a gentle reminder that the Call for Papers for Security BSides London still runs until January 5th 2013. If you got some extra time during the boring Christmas days or right after New Year’s Eve, then you should submit. Show us how you break or fix something! And if you have never presented before, you should definitely take a look at the Rookie Track. BSides London actively supports speakers with little or no experience on stage. Submit a talk, get a mentor, prepare and tell us what you have found! See you in London!
This is an old saying and like most old sayings it bears some truth: the first one to notice an opportunity does indeed have an advantage. But I don’t want to philosophize about “ancient wisdom” or something the like but I want to address a quite up-to-date topic: 0-day prevention, early warning systems, heuristic detection and how fast you have to be to catch worms and 0-day exploits. A lot of security vendors and open source security projects provide a very fast response to emerging threats. New worms and malware are detected quickly after appearance in the wild and signature patterns are updated a couple of times daily. So you should be safe. Really? How much of your resources would you spend on 0-day prevention and how effective is it? We have learned from
Preliminary schedule soon (CFP is still open) DeepINTEL will be a conference about security intelligence on September 3rd and 4th 2012 in the heart of Europe. We have prepared this project for a long time and we were monitoring the security intelligence landscape for quite a while. During the last year we had many chances to discuss different approaches and talk to many people involved in security intelligence, either on the provider, research or customer side. Our vision is now clear and here are some details which might have been covered here and here or which might be new: Our understanding of security intelligence We know quite well that security intelligence isn’t defined very clearly. Methods and tools differ as wildly as expectations and goals do. We find almost as many approaches as we
We admit. We could not resist. Bazinga! Writing articles to be published on 1 April is fun, and you probably should not read any news on this day (or blog articles or anything, don’t even talk to people until 2 April). If you consider the disinformation practised on All Fools’ Day and connect it to security the fun stops. You rely on information and its accuracy to counter threats. So in turn disinformation can be regarded as a hacker tool. Social engineering people probably know this already. Since our CfPs for DeepINTEL and DeepSec 2012 are open: If you explore disinformation as a hacker tool and can show its impact on the security routine of potential targets/defenders, why not turn your findings into a presentation and send it to us? We want to know
We already gave some hints on our security intelligence event we are planning for end of Summer. We now have a date and a venue: DeepINTEL will be held on September 3rd and 4th near Salzburg in Austria. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. If you have questions on this, please contact us directly via firstname.lastname@example.org or the contact information given on our web site. Here is
The Finux Tech Weekly episode containing an interview with MiKa and me beats our announcement of the Call for Papers by 4 hours, but here’s the text. Enjoy! DeepSec 2012 “Sector 6” – Call for Papers We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 (“Sector 6”). We invite researchers, developers, auditors and everyone else dealing with information security to submit their work. We offer slots for talks and workshops, and we encourage everyone working on projects to present their results and findings. Please visit our updated website for more details about the venue, the schedule and information about our past conferences: https://deepsec.net/ The DeepSec offers a mix of different topics and aspects like current threats and vulnerabilities, social engineering and psychological aspects as well as security management and
We’ve been busy attending the 1. Sicherheitspolitische Aufbauakademie des Bundesverbandes Sicherheitspolitik an Hochschulen in the past days, so we will not comment the submission for DeepSec 2011 immediately. Gathering from the summaries and descriptions so far we are every impressed. DeepSec 2011 will feature some serious talks and new content. Thanks for taking your time and considering to hold a talk at our conference! We will need some time to sort through all submissions and rank them. We may come back to you for questions, but you will get a notice on the state of your submission as soon as possible. Stay tuned! In case you want to submit a talk late, please drop it into our mailbox or use the Call for Papers manager. You will be ranked after the submission that we
Come on, get your submissions in order and send them to us! The past weeks were full of vulnerabilities, exploits in action and illustrated security very well. Let’s recall what we are looking for. Mobile computing and communications (the protocols and the gadgets) IPv6 (again protocols and the gadgets) Security management and IT governance (a.k.a. “The Big Picture”) Cloud computing and virtualisation (a.k.a. infrastructure 2.0) Security intelligence (few have it) Psychological aspect of security (social engineering, usable security, …) Topics that have a high impact on IT security (or your/our life in general) Design flaws (“defective by design”, the bugs are out there…) We’re looking for workshops, talks and submissions from young talents (U21). Updates and reviews are welcome provided they are still a threat (the web never gets boring for example). New uses
In case you have not yet prepared a submission for DeepSec 2011, please consider to do so. The deadline is approaching! We have already received submissions, but we have a hard time believing that everything is secure out there. That can’t be, you know it, and we know it. Submit your in-depths talks and workshops, give our programme committee some work to do, and maybe we can even have some in-depth lulz, who knows. Speaking of security and design flaws, don’t forget the ubiquitous web interfaces. Everyone and everything has a web interface – your bank, your government, your routers, your servers, your average smart meter (measuring electricity/water/gas consumption), your printers, your household appliances, your TV set, your video/audio player and possibly a lot of devices you are unaware of. Of course, feel free