2001, 2017

DeepSec Administrivia for 2017, the Year of the Cyber

René Pfeiffer/ January 20, 2017/ Administrivia, Conference

2017 is in full swing, and it didn’t wait long. December was full of „hacking“ news. It seems digital war(e)fare knows no break. We will address some of the issues in a series of blog articles. Also we have uploaded the DeepSec 2016 videos to Vimeo. Attendees and speaker will get access before we publish the videos for everyone. This is our review in case someone doesn’t like a video or needs to adapt the description. The date for DeepSec will be published soon, along with the date. We look to the fourth quarter of the year, as usual. The Call for Papers will be online in February. If you got some ideas, write them to us. We have plenty of topics to address. The most pressing problem was raised at the 33C3. Go

1206, 2016

DeepINTEL 2016 – Save the Date for Security Intelligence

René Pfeiffer/ June 12, 2016/ Administrivia, Security Intelligence

Analysing threat intelligence hasn’t been more important. We all know that bad things will happen. That’s not the issue to worry about. You should spend some thoughts on why something happens, what methods are involved, and what your adversaries look like on the inside. Defending your assets is much more than using a fence, some doors, and badges for your employees. We would like to welcome you to DeepINTEL to discuss security intelligence in-depth. The DeepINTEL 2016 has been moved. Save the new date; DeepINTEL will take place on 20/21 September. The location hasn’t changed, and good weather has been ordered. Make sure you order your tickets!

1503, 2016

Reminder: DeepINTEL 2016 – Call for Papers – Beat Big Data and Full Take with Brains

René Pfeiffer/ March 15, 2016/ Call for Papers, Conference, Security Intelligence

We already published a Call for Papers for the upcoming DeepINTEL 2016. Here are some thoughts to get your creativity going. Standard solutions and off-the-shelf products to solve your security needs are remains from the 1990s. Everything else has gone smart, and that’s how you have to address security problems in the future. NSA director Admiral Michael Rogers told the audience of the RSA Conference 2016 that the NSA cannot counter the digital attacks it faces on its own. GCHQ, the NSA’s British counterpart, has publicly stated that the £860m budget to counter digital adversaries is not sufficient to defend Britain’s digital assets. Modern digital defence needs a sound foundation of data to base decisions on. You can neither combat a forest fire or an infectious disease by blindly throwing money at it. You

1502, 2016

Go dark with us! Submit a presentation to DeepINTEL 2016!

René Pfeiffer/ February 15, 2016/ Call for Papers, Conference, Security Intelligence

Information security without intelligence is less than half the fun. That’s why we organise the DeepINTEL 2016 conference. The focus is entirely on the intelligence side of security. Given the events in the recent months it’s about time that you get your focus right and turn your radar on. Flying blind will get you into trouble. The DeepINTEL is a single track / two day event that addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event.

1505, 2015

DeepINTEL 2015 – How to deal with (Industrial) Espionage

René Pfeiffer/ May 15, 2015/ Call for Papers, Security Intelligence

The DeepINTEL event in September will have a strong focus on a specific kind of intelligence. We will address the issue of espionage. Given the headlines of the past six months it is clear that companies are subject to spying. There is no need for euphemisms any more. Even with half of the information published on this matter, there is no way to deny it. Since the trading of data is a lucrative business, the issue won’t go away. So if you run a company or an organisation, then you might want to deal with risks and threats before they deal with you. DeepINTEL is focused on security intelligence. Few CISOs and CEOs have a grasp what this really means. It is much more than doing risks analysis or threat assessment. As we have

1405, 2015

Dates for DeepSec, DeepINTEL and BSidesVienna 2015

René Pfeiffer/ May 14, 2015/ Administrivia

We have been quieter than usual. We did a lot of preparations for the upcoming DeepSec events and were busy with research projects. In case you want to update your calendars, here are the dates to look out for. 17 to 20 November 2015 – DeepSec 2015 21 / 22 September 2015 – DeepINTEL 2015 21 November 2015 – BSidesVienna 2015 (still needs to be confirmed due to location) The Call for Papers for the DeepINTEL is open. Please contact us via (encrypted) email. The Calls for Papers for DeepSec and BSidesVienna will open soon.

0102, 2015

Reminder for the DeepINTEL Call for Papers

René Pfeiffer/ February 1, 2015/ Administrivia, Call for Papers

At the opening of DeepSec 2014 we announced the next DeepINTEL to be in Spring 2015. We have now finalised the date. DeepINTEL 2015 will take place on 11 / 12 May 2015, and it will be held in Vienna. The call for papers, already announced at the opening of last year’s DeepSec, is still open. We are looking for your submissions. Since we want to address security intelligence, we like to know everything about threats, risk assessment, metrics that give you an idea what you really see, forensics, and improvements on the way to detect and defend. We are definitely not interested in presentations about the cyber hype. We want to hear about real sabotage, real compromised systems; you know, reality and all that. Please make sure to send your ideas to cfp

3101, 2015

DeepSec 2015 is coming – save the Date!

René Pfeiffer/ January 31, 2015/ Administrivia, Conference, Mission Statement

We are back from our break. We have been busy behind the scenes. The video recordings of DeepSec 2014 have been fully post-processed. The video files are currently on their way to our Vimeo account. The same goes for the many photographs that were taken by our photographer at the conference. We are preparing a selection to publish some impressions from the event. The dates for DeepSec 2015 and DeepINTEL 2015 have been finalised. DeepSec will be on 17 to 20 November 2015. DeepINTEL will be on 11 and 12 May 2015. The Call for Papers for DeepSec will be open soon. You can send your submissions for DeepINTEL by email to us (use either cfp at deepsec dot net or deepsec at deepsec dot net, the latter has a public key for encrypted

2111, 2013

DeepINTEL 2014 – 3rd Security Intelligence Conference – Call for Papers is open!

René Pfeiffer/ November 21, 2013/ Administrivia, Call for Papers, Security Intelligence

Good news everyone, there will be a DeepINTEL conference in 2014, and we are looking for presentations! DeepINTEL 2014 will be held in September at the same location as in 2013. This single track two day event addresses mainly critical infrastructure, state organizations (administrative and law enforcement), accredited CERTs, finance organizations and trusted parties and organizations with a strong relation or partnership to the aforementioned. Due to the sensitive topics and the nature of the participants and speakers we will have a vetting process for participants. We’d like to know our audience, so that we all can talk freely and openly during the event. If you have questions on this, please contact us directly via deepsec@deepsec.net or the contact information given on our web site. Here is the Call for Papers for DeepINTEL 2014:

1209, 2013

DeepINTEL 2013 – Thank you!

René Pfeiffer/ September 12, 2013/ Conference, Security Intelligence

The second DeepINTEL conference ended two days ago. We had great talks and met wonderful people sharing insights and exchanging thoughts about how to cope with information security. Our thanks go to everyone attending DeepINTEL 2013! In case you missed this year’s opportunity, there will be a DeepINTEL 2014 conference. Its date will be announced at DeepSec 2013. If you have content for DeepINTEL 2014, please get in touch with us as soon as possible!

3008, 2013

DeepINTEL Schedule Update: New Talk – “Advanced Security through Network Intelligence”

René Pfeiffer/ August 30, 2013/ Administrivia, Conference, Security Intelligence

Due to personal reasons one of our DeepINTEL speakers had to unfortunately cancel his appearance. Therefore we present a new talk held by Caroline Krohn. The title is “Advanced Security through Network Intelligence”. „Network Intelligence“ is the sum of findings extracted from people’s activities in the internet. Information related to people can be either, restricted and protected by any kind of encryption, or public and available to everybody. Nowadays, it is almost sufficient to collect data from open sources to put together a precise profile on a person of interest. Transparency does not only occur through own postings on so-called social networks, such as Facebook, Xing, LinkedIn, Twitter. Third party mentions and pictures other people post and tag, etc. also help following people’s activities outside the internet. Even the decision not to appear on

1108, 2013

DeepINTEL 2013 – New Talk: “Hackers NG” – Dealing with the Security Skills Shortage

René Pfeiffer/ August 11, 2013/ Conference, Security Intelligence

Cooling temperatures in Vienna bring new talks to DeepINTEL. We are proud to announce a talk by Colin McLean, lecturer in Computing at the University of Abertay Dundee in Scotland. He discussed the problem of finding hackers with security skills (and who probably do not possess the attributes Mr Hayden sees in his own IT staff). The abstract reads as follows: There is a cyber security skills shortage and it’s becoming a world-wide concern with many stakeholders warning of impending doom. Browsing the Internet shows that this concern is not only expressed from the USA, and the UK, but all over the world. Mark Weatherford of the US Department of Homeland Security has stated “The lack of people with cyber security skills requires urgent attention. The DoHS can’t find enough people to hire.”. The

0508, 2013

DeepINTEL 2013 – New Talk „Mutually Assured Pwnage“

René Pfeiffer/ August 5, 2013/ Conference, Security Intelligence

We have added a new talk to the DeepINTEL 2013 schedule. Karin Kosina will talk about „Mutually Assured Pwnage“ and critically explore what Cold War analogies can and cannot teach us about war in the 5th domain. “Cyberwar” has become a thing (never mind that no-one seems to really know what that thing really is). Along with the militarisation of cyberspace – or “the fifth domain of warfare” – there has been a flurry of attempts to draw analogies to other models of conflict. While this is understandable to a certain extent – What worked in the past may work again in the future, right? And let’s not be so cynical here to speak about hammers and things that look like nails… –, it has in many cases only added to the confusion around an already confused

1607, 2013

DeepINTEL 2013 – Preliminary Schedule

René Pfeiffer/ July 16, 2013/ Conference, Schedule, Security Intelligence

The preliminary schedule of the DeepINTEL conference is ready! We have selected the presentations carefully and tried to address in-depth threats to (y)our infrastructure and (y)our data. Here are the abstracts of the talks (in alphabetical order, according to the speakers name), that we are allowed to publish publicly: Compliance and Transparency of Cloud Features against Security Standards (Yury Chemerkin) Nowadays cloud vendors provide a solid integration, virtualization and optimization in many fields (for example medical, business, and education) for online services. Such services operate with sensitive data which attracts attackers. There are quite different security controls and metrics for every Cloud service provider. It is generally known that several industrial organizations are focused on keeping an appropriate security level by offering solutions to improve the transparency of Cloud security controls among different vendors.

0507, 2013

„Cyber Cyber Cyber“ revisited – Information Warfare

René Pfeiffer/ July 5, 2013/ Discussion, Security

So far we haven’t commented on the ongoing season of the Game of Spooks miniseries. We wait for the break after the last episode – provided there is one. However we have written about information warfare and espionage in this blog. Enter secrets. During DeepSec 2012 the concept of „cyber war“ was heavily explored. Eventually it led to the phrase „cyber cyber cyber“ due to the sheer popularity of this very word. „Cyber“ and „war“ hide the fact that information is the prime good that is being accessed or copied and put to a fresh use¹. Take a look at the published articles in the past weeks to see misplaced information at work. A couple of misplaced presentation slides can cause more uproar than a data leak of medical records of a nation –

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: