Translated Press Release: Bug Bounty Programs – Vulnerabilities as a worthwhile Investment

René Pfeiffer/ September 12, 2018/ Conference, Press

DeepSec Conference offers trainings for security researchers Vienna (pts010 / 04.09.2018 / 08:30) – This year, in addition to lectures about the failing of security measures, the DeepSec In-Depth Security Conference will offer a workshop for finding vulnerabilities. Unfortunately the testing of software in the context of quality assurance is no longer sufficient in the modern, networked world. The prefix “Smart” does not change anything about existing weaknesses. The training is therefore aimed at professionals, already working in development, and at security experts, to specifically strengthen the development of safer products in industry and companies. Complex Technologies and their Susceptibility to Errors Not only since the birth of the Internet of Things modern products can’t manage without software. If you add networking and the high level of complexity of individual parts, this is a

Read More

Translated Press Release: Intelligence Agencies want to abolish Information Security

René Pfeiffer/ September 11, 2018/ Conference, Press DeepSec Conference criticizes the open Attack on secure End-to-End Encryption Vienna (pts014/21.08.2018/09:25) – Ever since security measures have been in existence, there have been discussions about their benefits and their strength. In digital communication, the topic of back doors keeps coming up. In the analog world high quality locks are desired to protect against theft. In the digital world this may now change. The Five Eyes (i.e. the intelligence services of the United States, the United Kingdom, Australia, New Zealand, and Canada) want to force all countries around the world to implement duplicate keys, thus to implement back doors, in their encrypted communication. For this purpose, at the end of August, a meeting of the Five Eyes Ministers of the Interior took place in Australia. This proposal has serious disadvantages for the economy

Read More

Translated Press Release: DeepSec Conference releases Schedule for 2018

René Pfeiffer/ September 6, 2018/ Conference, Press

Focusing on the Insecurity of Things and infrastructure Vienna (pts014 / 21.08.2018 / 09:25) – This year’s DeepSec In-Depth Security Conference will focus on the topic of Insecurity of Things (IoT) and components of everyday infrastructure. The ever-advancing networking opens up completely new ways for attackers – faster than developers and manufacturers can fix bugs. Instead of using secure design for products and code, machine learning and artificial intelligence are integrated – unfortunately, implemented using convenient statistics and the algorithm of the week from the daily menu of the development kit. The presentations at the DeepSec conference will therefore put the alleged technologies of the future to the test. Mobile networks, the Internet of Things, collaboration platforms in the cloud, customer relationship management systems and the human factor are in the cross-hairs. Smart is

Read More

DeepSec 2015 in Pictures: Very photograph. Many pixel. Wow.

Sanna/ February 5, 2016/ Administrivia, Conference, Pictures

„Documentation, or it did not happen!“ This is probably the unofficial motto of information technologists (and security/audit people around the globe). For your convenience we put some images from DeepSec 2015 online. Have a  look! Thanks to Joanna Pianka for the great pictures!

Recordings and Slides from DeepSec 2013

René Pfeiffer/ December 12, 2013/ Administrivia, Conference

We are still dealing with the administrative tasks of DeepSec 2013, and we would like to give a short update on the publication of the slides. We have published all PDFs from the talks on our web server. Some speakers are still refining their documents. We will add them to the collection as soon as we get the files. There are audio and video recordings as well. Both are in post-production in order to ensure that the content is ok and everything works (we had some troubles with broken media files and storage containers in the past). We will put the audio recordings on our web site, too. The videos will be published on our Vimeo account soon. So, thank you for attending and speaking at DeepSec 2013! We hope to see you again

Read More

Unlearn to Hack?

René Pfeiffer/ May 6, 2012/ Discussion, High Entropy, Security

Security is heavily influenced by the inner workings of the (human) mind. We all know about social engineering and tricks used by con men. The game of smoke and mirrors now hits the „uncontrolled spread of hacking tools“. We have already pointed out that the European Union is preparing a proposal for „banning“ „hacking tools“. There is now a case on-line where a print magazine was allegedly removed from the shelves of Barnes & Noble. Apparently the cover story was too dangerous, because it announced how to „teach you to break into networks, exploit services running remotely, beat encryption techniques, crack passwords, and more.“ The real dark side of this story is that these skills are discussed at most self-respecting security conferences. These skills are even part of a very basic job description in

Read More

DeepSec 2011 – Video Interviews

René Pfeiffer/ November 24, 2011/ Press

A video team from Golem, one of Germany’s largest IT news web sites, did some interviews at DeepSec 2011. We already mentioned the interview with Sharon Conheady and Stefan Schumacher. There’s a new video available. It’s an interview with Constantinos Patsakis about the security and the automotive industry. Modern cars rely heavily on computer systems and data buses, but they lack mechanisms to control access to different components by different users. Constantinos and Kleanthis Dellios discussed this problem in their talk at DeepSec 2011 and suggested solutions to this problem. Watch the video and listen to the interview. Video: Interview C. Patsakis Sicherheit in Autos (3:08) Harald Welte, who conducted the „Attacking GSM“ training with Dieter Spaar at DeepSec 2011, gave an interview about the state of security in the GSM network. Video: Interview Harald

Read More

First Press Coverage of DeepSec 2011

René Pfeiffer/ November 18, 2011/ Conference, Press

The first articles about DeepSec 2011 are online. Most of them are in German, so you might want to use Google Translate for it. In addition Golem will publish video interviews with selected speakers soon (we will tell you as soon as they are available). Wie Terroristen verschlüsseln Duncan Campbell talks about encryption and compares it to the real world. There have been a lot of rumours about terrorist groups using modern encryption. The reality looks a bit different. Tools like PGP are around, but some groups still rely on substitution and transposition ciphers. Managing keys of modern cryptography and handling the tools isn’t as easy as changing clothes. Procedures, procedures, procedures, ask the auditors. Das Streben nach dem Cyber-Weltfrieden Stefan Schumacher illustrates the concept of cyber-peace described in his talk yesterday. Everyone invests

Read More

DeepSec 2011: Techniques de cryptage des cellules terroristes, espionnage GSM, piratage informatique

René Pfeiffer/ November 3, 2011/ Press

Du 15 au 18 novembre 2011, la cinquième édition de la conférence DeepSec réunira les plus grands spécialistes internationaux  de la sécurité des réseaux et du piratage autour du thème de la sécurité informatique. Les principaux sujets abordés: techniques de cryptage des cellules terroristes, sécurité des systèmes de communication mobiles et de leurs utilisateurs et enfin, infrastructures de sécurité de la prochaine génération numérique. “Nous avons voulu, cette année encore, aborder des thématiques passionnantes et sujettes à controverse. Les sept workshops et les trente-quatre interventions de la conférence concernent directement ou indirectement une grande partie de la population” explique René Pfeiffer, organisateur du DeepSec. “C’est le cas notamment des tentatives de piratage constatées sur les réseaux GSM. C’est également le cas des problèmes de sécurité rencontrés sur IPv6 (Internet Protocol version 6), un protocole

Read More

DeepSec auf Radio Netwatcher am 25. Oktober 2011

René Pfeiffer/ October 22, 2011/ Communication

We did an interview with Radio Netwatcher. You can listen to it on 25 October 2011 at 1800 CEST on radio ORANGE 94.0 (Austria and other countries where the content is syndicated). The interview is in German. It covers the 0zapftis trojan horse, malware in general, security (of course), DeepSec 2011 and the Austrian Big Brother Awards. Wir haben Radio Netwatcher ein Interview gegeben. Man kann es am 25. Oktober 2011 um 1800 (CEST) auf Radio ORANGE 94,0 hören (hier in Österreich und in anderen Ländern, wo der Inhalt auch ausgestrahlt wird). Der Interview wurde in deutscher Sprache gegeben. Es umfaßt den 0zapftis Staatstrojaner, Schadsoftware im Allgemeinen, Sicherheit (natürlich!), die DeepSec 2011 und die österreichischen Big Brother Awards.

Press Release: From Car to „Zombie“ – Data-driven Attacks on Automobiles

DeepSec Organisation/ October 19, 2011/ Press

Data-driven Attacks on Automobiles Security conference DeepSec broaches the issue of automobile security  Vienna – Hacking attacks on cars sound like something out of a Hollywood blockbuster. However, they’re possible today and pose a real threat for individuals and the automotive industry. The international security conference DeepSec, which takes place between the 15th and 18th of November 2011 chose the security of mobile phones, cars and their users as central topics for this year’s conference. „As in the years before we want to present exciting and controversial topics which concern not only experts, but most of us directly or indirectly in 7 workshops and 34 talks.The liability of modern cars to attacks is on of our topics.” says René Pfeiffer, organiser of DeepSec. “DeepSec acts as neutral platform to connect the hacker-community with IT

Read More

Some Slides from DeepSec 2009

René Pfeiffer/ June 24, 2011/ Administrivia, Conference

Some of you might already noticed the videos from the DeepSec 2009 conference on Vimeo. Sadly we don’t have all the slides for all talks, but here are some documents from our archive. #TwitterRisks: Bot C&C, Data Loss, Intel Collection & More by Ben Feinstein – Slides Dynamic Binary Instrumentation for Deobfuscation and Unpacking by Daniel Reynaud and Jean-Yves Marion – Slides Windows Secure Kernel Development by Fermin J. Serna – Slides Stoned déjà vu – again by Peter Kleissner – Slides Key Management Death Match? Competing KM Standards Technical Deep Dive by Marc Massar – Slides USB Device Drivers: A Stepping Stone into your Kernel by Moritz Jodeit and Martin Johns – Slides eKimono: Detecting Rootkits inside Virtual Machine by Nguyen Anh Quynh – Slides Ownage 2.0 by Saumil Shah – Slides

DeepSec: Mobile Radio Networks as Targets for Virtual Warfare

René Pfeiffer/ November 20, 2010/ Press

Vienna – The times when a mobile phone was used solely to make calls are long gone, now it’s all about making pictures and surfing the Internet. The groundbreaking success of the iPhone is just one example for the fact that mobile phones have long since outgrown their original use. Youths and adults use them every day  to get information about recent news, the weather or navigation for a future trip with the car. Having the new all-purpose information device by the hand has become a habit. But what happens if criminals or assassins attack the mobile phone network? Cyber War: Public Life in the Crosshairs “The GSM radio network is used by more than 200 countries and holds many spectacular flaws which we want to illustrate.”, explains René Pfeiffer, organiser of the international

Read More

DeepSec conference focuses on the precarious security situation in the world-wide mobile phone network

René Pfeiffer/ September 7, 2010/ Press

DeepSec 2010 features 33 talks and 8 workshops by international experts Vienna, 31 August 2010. The international security conference DeepSec brings together the world’s elite in network security and hacking in Vienna from 23 to 26 November 2010. This year, the conference focuses on the security of mobile systems and their users, as well as on the next-generation infrastructure. IT and security companies, users, officials, researchers and the hacker community have the opportunity to take part in the conference with 33 talks and 8 workshops scheduled this year. “We are happy to offer for the fourth time so many experts the chance to exchange ideas and experiences on the most important security issues of everyday IT work in our modern days”, says René Pfeiffer, organiser of DeepSec. Live attacks on iPhone through a weak

Read More