DeepSec 2014 Talk: MLD Considered Harmful – Breaking Another IPv6 Subprotocol

René Pfeiffer/ September 9, 2014/ Conference, Internet

In case you haven’t noticed, the Internet is getting crowded. Next to having billions of people online, their devices are starting to follow. Information security experts can’t wait to see this happen. The future relies on the Internet Protocol Version 6 (IPv6). IPv6 features a lot of improvements over IPv4. Since you cannot get complex stuff right the first time, IPv6 brings some security implications with it. Past and present conferences have talked about this. DeepSec 2014 is no exception. Enno Rey of ERNW will talk about Multicast Listener Discovery (MLD) in his presentation. The presentation is the first time that the results of ongoing research into MLD are published. MLD is a protocol belonging to the IPv6 family, and sadly it features insecurities. MLD (Multicast Listener Discovery), and its successor, MLDv2,

DeepSec 2014 Keynote: The Measured CSO

René Pfeiffer/ September 8, 2014/ Conference

It’s good if your organisation has someone to take on information security. However it’s bad if you are the person in this position. Few are lucky enough to actually deal with improving information security. And some are caught in compliance fighting an uphill struggle against regulations and audits that have nothing to do with the threats to your business. The management of Information Security has become over-regulated and to some degree, over-focused on compliance to policy/regulation, architectural decisions, network access, and vulnerability management. As a result, many CISOs struggle to define success in terms that match the goals of their business, and struggle to make their risk management efforts relevant to senior executives. How do you achieve that? Alex Hutton will tell you in his keynote talk at DeepSec 2014. His goal is for

EuroTrashSecurity Podcast – Microtrash37 : DeepSec 2014 Content

René Pfeiffer/ September 5, 2014/ Conference

Microtrash37 of the EuroTrashSecurity podcast is out! We had a little talk with Chris about the schedule of DeepSec 2014 and what to expect. It’s a teaser for the blog articles about the talks and the trainings to come. We will describe more details on the blog, but you get a good overview of what to expect from the audio. We also got some inside information on the upcoming BSidesVienna 0x7DE. We will definitely attend and so should you! The BSidesVienna has some cool surprises for you. Don’t miss out on the chance to get together. The Call for Papers is still open! If you have something to share, please consider submitting a talk.

Preliminary Schedule of DeepSec 2014 published

René Pfeiffer/ August 27, 2014/ Administrivia, Conference

After weeks of hard work we now have the preliminary schedule of DeepSec 2014 online! We received over a hundred submissions, and we had to navigate through a lot of publications, abstracts and references. We hope that you like the mixture of topics. We especially hope that you will find the offered trainings interesting. We are still waiting for content and corrections, so bear with us while the schedule takes its final form. Contrary to the past years we had a lot more to do in terms of completing information about submitted talks and trainings. We will tell you more about this in the upcoming blog articles (which we will announce on our Twitter account, so you don’t miss anything). Looking forward to seeing you in Vienna in November!

Reviewing all your Submissions for DeepSec 2014

René Pfeiffer/ August 1, 2014/ Administrivia, Conference

The Call for Papers of DeepSec 2014 officially ended yesterday. We are currently reviewing all your submissions and will publish the preliminary schedule in the course of the next two weeks. As always, you did a very good job of finding things to break and to exploit. Our choice of what to include in the schedule will be pretty hard! For those who still have bright ideas and no time to submit, please send us your abstracts as soon as possible! We will consider everything submitted so far first, but we will take your proposals into account. You just need to tell us.

Ticket Registration is open

René Pfeiffer/ June 18, 2014/ Administrivia, Conference

The ticket registration for DeepSec 2014 „The Octave“ is open. You can either use the embedded version on the DeepSec web site or go directly to the ticketing site. The tickets are now available for the early bird tariff. Make sure you get your tickets as soon as possible. The later tariffs are more expensive. The current Call for Papers for DeepSec 2014 (and DeepINTEL 2015) is open, and we are looking for talks applying the power of knowledge to information security. Would you like to know more?

DeepSec 2013 Video: spin – Static Instrumentation For Binary Reverse-Engineering

René Pfeiffer/ January 15, 2014/ Conference

Reverse engineering is a fundamental tool of information security research. The news coverage of the past year has given black boxes a bad name. David Guillen Fandos introduces methods for binary reverse-engineering in his presentation at DeepSec 2013. Binary instrumentation is used for performance evaluation, CPU emulation, tracing, and profiling. It can also be used for malware and threat analysis. David’s tool called spin is able to characterize and identify security-critical functions by applying conditions. If you are into reverse engineering or simply are curious, take a look at the video from his talk:

DeepSec 2013 Video – Relax Everybody: HTML5 Is Securer Than You Think

René Pfeiffer/ January 14, 2014/ Conference

A lot of tags have been created since the 1980s when the foundation of the modern World Wide Web was born. HTML5 is being deployed on servers around the world. Just like the many 802.11xyz wireless standards it is being used before the stable standard has been released by the W3C. Moving targets attract all kinds of developers and information security enthusiasts. This is why we invited Sebastian Lekies of SAP to hold a presentation about HTML5. He systematically explores security-relevant HTML5 APIs and summarises what web developers need to know when designing, implementing and deploying web applications. We will see at DeepSec 2014 if HTML5-based sites will still be featured in talks. ☺

DeepSec 2013 Video: Psychology of Security – a Research Programme

René Pfeiffer/ January 13, 2014/ Conference

The DeepSec 2013 keynote presentation featured the cultural background of China in order to better understand the news about impending „cyber doom“. The past year has shown that you need a lot more than hands-on information security if you want to make sense of incidents. Next to history and culture there is psychology. In his talk at DeepSec 2013 Stefan Schumacher makes a good case for combining psychology and the scientific approach with topics of information security. Watch his talk online!

DeepSec wishes you a Happy New Year 2014!

René Pfeiffer/ December 31, 2013/ Misc

The DeepSec team wishes you a Happy New Year 2014! We hope that you will put your ideas for the coming 12 months into reality. We have some New Year’s resolutions as well, and we hope to implement them in the months to come. Supporting rookie security researchers and fostering the scientific approach to, well, research in information security. If you call yourself a researcher, then you should employ scientific methods. It’s simple, and we will explain in ample depth what this is all about. Don’t party too hard! 😉 There’s work to be done.

DeepSec 2013 Keynote – “Cultural Learning Of China To Make Benefit Glorious Profession Of Infosec”

René Pfeiffer/ December 20, 2013/ Conference

Our video team gave us an early Christmas present, fresh from the rendering farm. The keynote of DeepSec 2013 by Wim Remes is already online. His keynote talk puts information security into a broader context. More often than not blaming China seems to be an easy way to “explain” digital attacks or to silence legitimate questions. Wim explores the cultural side and history in order to improve what we know about the context. Since the Internet is a global network, information security experts need to broaden their horizon. For every complex problem there is an answer that is clear, simple, and wrong. Attacks, persistent or not, can become complex, and dealing with the attribution problem is definitely no easy task. We heard about it at past DeepSec conferences. So enjoy Wim’s talk, have some

No more Early Birds! No Regular! Get your DeepSec 2013 tickets now!

René Pfeiffer/ November 5, 2013/ Administrivia, Conference

If you would like to attend DeepSec 2013, here’s your last chance. Space is getting crowded and the ticket sale enters the last minute tariff! For everyone interested in booking tickets for the workshops, now is the time! Don’t wait for others to fill your seat. You have been warned. In case you are still deciding, as always DeepSec will feature 0talks with tricks, code, vulnerabilities not seen before in public. Give yourself a premature Christmas treat, enjoy the conference, and leave for home with a dozen 1337 presents information-wise. Totally beats the stuff Santa and the elves will bring you weeks later. We are looking forward to seeing you all at DeepSec 2013!

„Cyber Cyber Cyber“ revisited – Information Warfare

René Pfeiffer/ July 5, 2013/ Discussion, Security

So far we haven’t commented on the ongoing season of the Game of Spooks miniseries. We wait for the break after the last episode – provided there is one. However we have written about information warfare and espionage in this blog. Enter secrets. During DeepSec 2012 the concept of „cyber war“ was heavily explored. Eventually it led to the phrase „cyber cyber cyber“ due to the sheer popularity of this very word. „Cyber“ and „war“ hide the fact that information is the prime good that is being accessed or copied and put to a fresh use¹. Take a look at the published articles in the past weeks to see misplaced information at work. A couple of misplaced presentation slides can cause more uproar than a data leak of medical records of a nation –

We proudly present our 2012 DeepSec T-Shirts

Sanna/ May 22, 2013/ Administrivia

Finally! Our 2012 Deep Sec T’s have arrived – Yes, and they rock!

If you want a T-Shirt please write an e-mail to deepsec@deepsec.net including your size and your postal address so we can send it to you!

Sizes available: M, L, XL
Price: 25€ (VAT excluded) + shipping costs
Payment: Prepay, either via Paypal or bank transfer

If you have a VAT number please let us know, and we will include it in your invoice. Invoice will be sent with the T-Shirt.

P.S.: There will be a 2011 T-Shirt Edition too – We’ll keep you posted 🙂

Your DeepSec Crew.