We have been radio-silent throughout the December, because post-processing DeepSec and DeepINTEL 2023 took longer than usual. For everyone doing system maintenance, the month of December is also a wonderful opportunity to do some work behind the scenes. Thanks to the security bulletin about SMTP smuggling, there were some additional workarounds that needed attention. There will be another pause until we announce the next call for papers in February 2024. We have not yet decided on the focus. If you have some ideas, let us know. Enjoy the quiet days, and have a good transition into the new year 2024!
Our traditional Winter break has been a bit longer than anticipated. We are working on the call for papers for DeepSec and DeepINTEL 2023 (14 to 17 November 2023). The location has not changed, so we can focus on the content of the conferences. This is a good time to check if you are on our call for papers mailing list. If you like our regular reminders and updates, please subscribe or tell us what email address we should add. Speaking of communication, the sabotage of Twitter continues. Today the APIs for posting content are limited to paid subscribers. This deliberately stops cross-posting content to Twitter from other sources. It affects updates from our blogs and updates via mobile phones, because we never used the official Twitter app (and will not in the future).
If you are a regular visitor of our conference or our blog, then you probably know about the different phases of our schedule. We are now in the preliminary stage. Reviews are still being done, and we sort out questions to and answer from our speakers. You may have noticed the free slots. These are still under review. Hopefully, we will have everything sorted out in the course of the next weeks. DeepSec has some internal rules for reviewing presentation submissions. We usually do not accept persons of the same organisation, so that one organisation can have one presentation in the programme. This makes the reviews hard, because you always send us top quality material. We could easily conduct two or three conferences instead of one. For 2022, we have accepted multiple speakers from
The last week was very exciting, Organising DeepSec and DeepINTEL 2021 right in the middle of changing regulation and travel restrictions was not easy. Both events were in in hybrid form with health protection measures. The pandemic has raised a lot of questions on how scientific research impacts government, politics, and society. One of our main concerns is to put scientific methods back into information security. While nobody dies or contracts a disease when information security fails, there are parallels between warnings of experts and the lack of adequate means to protect the population. We have some dates for your calendar. Please make a note and set your alarm for our events next year: DeepSec IT & Law Convention – 26 April 2022 DeepSec 2022 Trainings – 15/16 November 2022 DeepSec 2022 Conference –
DeepSec 2021 Talk: Analyzing Radicalization on the Internet – Method and Results of the COMRAD-Project – Dr. Andreas Enzminger & Dr. Jürgen Grimm
Incitement, radicalization, and terror are the buzzwords that currently concern us the most. Right-wing and left-wing extremist groups or religious fundamentalists act as fire accelerators for extremist tendencies, even leading to the use of political violence. In this way, they can also endanger the value-based foundations of democracy in the medium and long term. Although much discussed, the role of the media, especially social media, in radicalization within society remains conceptually and empirically unclear. While there are several case analyses based on violent events, systematic studies have yet to be conducted. To fill this gap, the COMRAD project is dedicated to researching radicalization tendencies in cyberspace, focusing on psychosocial, ideological, and communicative conditioning factors. The focus is on the “open space” of politically left-wing, right-wing, or Islamic Facebook groups, in which recruitment strategies and
Breaking News: DeepSec preliminary Schedule available, some Reviews still continue, all Hardware & Software is still not completely safe to use
We confess. Our review cycle was interrupted by a week of holiday. Our team takes turns before the fourth wave breaks. We will keep watching the regulations for travel and our conference hotel. This being said, the schedule for DeepSec 2021 is ready and is published on our web site. 🥳 The contributions from our speakers and trainers look very promising. We tried to select the submissions according to a mix of technical details, academic research, ways to improve your defence, and details of attack techniques which might be deployed against your organisation. The trainings cover a wide range of topics from attacks on modern desktops app, fallacies of mobile networks, penetration testing of industrial control systems, breaking single sign-on systems, and dealing with threats and defence. We hope to offer you in-depth knowledge
In the past months we kept blogging about various issues in information security and news regarding our event in November. The Summer months are hard on the process of following news with articles. A lot of things happen, and software still has security-relevant bugs. It’s just that fewer people (than usual) care. We care, and therefore we will complete the reviews of your submissions. The preliminary schedule will be published soon. Thanks for taking your time! We appreciate your contributions. You have made the reviews very hard, as every year. 😉 If you still have some ideas, feel free to submit them!
Press Release: Low-tech Attacks. Critical Infrastructure poorly secured – Attacks against Colonial Pipeline used Standard Access Tools
In May, the operator of the US Colonial Pipeline was the victim of a ransomware attack. After such reports, calls for better security and additional measures are always loud. In fact, analyzes of these attacks often reveal deficiencies in basic security. Often it is not even necessary to use complicated and sophisticated tools to attack critical infrastructure. Attackers like to use standard tools that are available everywhere so as not to attract attention. The lack of basic security makes it possible. Custom camouflage When defending your own systems and networks, it is necessary to know exactly what the infrastructure is like. Organized groups that attack companies research exactly what is being used at the target before the attack. According to this planning phase, only tools are used that are plausible to the victim and
We dug through the submissions and selected trainings for the preliminary schedule. It’s just the trainings, and the intention is to give you some information for planning the rest of the year. We intend the trainings to be on site at the conference hotel. We will also explore ways to offer a virtual training or to attend the course virtually. The topics range from attacking modern desktop applications, in-depth network security (mobile networks and traffic analysis), penetration testing industrial control systems over to how to break and secure single-sign on systems. The entire collection of content aims to educate your IT department and your development team regarding the current state of affairs in companies with employees connected in home office. All technologies and tools are vital parts of the workplace. We included attacking industrial
DeepSec 2021: A lack of software security paralyzes the economy in times of crisis – visit DeepSec 2021 to train your developers
In every crisis, one’s own infrastructure and logistics are put to serious tests. The COVID-19 pandemic illustrates this particularly drastically through the many structural failures in the past 12 months. They try to solve biological problems with smartphones, favor dead-end technologies such as blockchain, discover the lack of network expansion in recent decades and then panic and publish software applications that are only subjected to serious tests after they have been published. All these quick fixes are snapshots of a lack of sustainability. But the economy is dependent on stable solutions based on many years of experience, especially now. In November 2021, the DeepSec conference would like to give support to everyone who works with software through trainings and the transfer of experience from security researchers. Code rules the World The word digitization is
Planning events is still challenging. The COVID-19 pandemic celebrated its first birthday. Despite efforts not to have the second birthday of the pandemic, the ever changing regulations and statues updates regarding the infections make preparations for conferences very hard. We know you want to plan as well, therefore we have an update for you. DeepSec, ROOTS, and DeepINTEL will happen on-site here in Vienna. We closely coordinate with our conference hotel. Their staff is eager to reopen. Everything depends on the rate of vaccination and the regulations issued by the European and Austrian authorities. There is not much we can influence. Given our health protection measure we worked out last year, we are well prepared to handle everything short of a total lockdown. We don’t do any forecasts at the moment. The next months
DeepSec 2021 is looking for your ideas, solutions, incident reports, insights, and expertise. The call for papers is open. You can submit your contribution via our call for papers manager online. If you have questions or want to submit additional material, please use the online form and send an email to us. DeepSec has always presented a mix of attack and defence presentations. The motto for 2021 connects both approaches. Studying how adversaries work, what tools they employ, how they plan their attack, and what they do once they get access is vital to your defence. IT infrastructure has grown over the years. Defence has a lot to take care of. If you have any ideas how to help the defenders, please let us know. Topics covering attacks should always contain some advice on
Usually we are radio silent during December and the beginning of January. This is due to some well-deserved rest, infrastructure updates (we run a lot ourselves), content creation (in our own projects), and the general Christmas holidays. The COVID-19 lock-down made it different to tell if there are holidays or not. Every day looks mostly like yesterday. We would like to change this. So please keep the following dates in your mind and in your calendar: DeepSec 2021 Trainings – 16 / 17 November 2021 DeepSec 2021 Conference – 18 / 19 November 2021 (including ROOTS & ACOD) DeepINTEL 2021 Conference – 18 November 2021 The Call for Papers will open soon and will be published here in our blog (along with push messages to Twitter and Xing). If you are interested in getting
The fully virtual DeepSec conference was very different from the usual configuration and setting. While we learned a lot over the years, there is one constant: What’s the difference between hardware and software? Well, hardware can be kicked. There is always one converter, one computer, one network devices, one USB device, or something else that doesn’t quite fit into the ensemble. Then there are the many desktop oddities and multimedia formats. So we had to do some damage control during the first day of streaming (having damage control teams and replacement parts ready is not just for ships). Networking did its own magic by introducing delays between the speaker’s feed and the live stream. Fortunately the stream connections held, and we had no losses in terms of connectivity. Mission control at the office used
Summer is always a bad time for getting things done. Usually people are on holiday, sweat, relax, or travel for recreation. Things are different due to the Covid-19 precautions. Unfortunately our Call for Papers ends on 31 July 2020. This means we have to remind you about the deadline. We plan to publish the schedule in mid-August, so we don’t have much choice to ask you again for research results, insights, incidents, weaknesses, helpful hints for defence, and more.. Tell us about your research. Keep our reviewers busy! We have some additional information. We added a mailing list system to our infrastructure. The server is run by our event partners, the Crowes. So you can get news by raven, not only figuratively. The mailing lists we created are a tool to keep you informed.