Tag Archive

#efail, Crypto, HTML, PDF, and other complex Topics

Published on May 14, 2018 By lynx

You probably have noticed the #efail hashtag that came with the claim that the crypto world of PGP/GPG and S/MIME is about to end. Apocalyptic announcements were made. The real news is due for 15 May 2018 (i.e. the publication with all the facts). There was even the advice to stop using encryption until more […]

Manufacturers integrate Blockchain into Processors to counter Spectre and Meltdown

Published on April 1, 2018 By lynx

The Spectre and Meltdown security vulnerabilities gathered a lot of attention in January. Processor manufacturers have rushed to fix the design of the chips and to patch products already in production. The vulnerabilities show that secure design is critical to our modern infrastructure. Computing has become ubiquitous, so has networking. The current fixes change the […]

Advanced and In-Depth Persistent Defence

Published on March 26, 2018 By lynx

The attribution problem in digital attacks is one of these problems that get solved over and over again. Of course, there are forensics methods, analysis of code samples, false flags, mistakes, and plenty of information to get things wrong. This is nothing new. Covering tracks is being done for thousands of years. Why should the […]

Support for BSidesLondon’s Rookie Track

Published on February 27, 2018 By lynx

We are proud to support the Rookie Track at BSidesLondon in 2018 again. This means that one of us will be present at the Rookie Track and that the winner will get to attend DeepSec in November. It’s hard to get a start, so we like to help the rookies with that. We also like […]

DeepSec2017 Talk: Building Security Teams – Astera Schneeweisz

Published on November 14, 2017 By sanna

While ‘security is not a team’, you’ll find that most companies growing just beyond 60-80 people start employing a group of people focusing primarily on the topic. But the culture of secure engineering in a company does not only strongly correlate with when you start building a security team – it becomes (and grows as) […]

Screening of “The Maze” at DeepSec 2017

Published on November 3, 2017 By lynx

We have some news for you. Everyone attending DeepSec 2017 will get a cinematic finish on the last day of the conference. We will be showing The Maze by Friedrich Moser. For all who don’t know Friedrich’s works: He is the director of A Good American which was screened at DeepSec 2015. The Maze is […]

Science First! – University of Applied Sciences Upper Austria (FHOOe) supports DeepSec

Published on October 12, 2017 By lynx

The motto of DeepSec 2017 is „Science first!“. This is expressed by the co-located ROOTS workshop, many speakers from academics, topics fresh from the front lines of research, and a mindset that favours facts over fake content or showmanship. This is why we want to thank the University of Applied Sciences Upper Austria for their […]

DeepSec 2017 Talk: Insecurity In Information Technology – Tanya Janca

Published on October 6, 2017 By sanna

A lot is expected of software developers these days; they are expected to be experts in everything despite very little training. Throw in the IT security team (often with little-to-no knowledge of how to build software) telling developers what to do and how to do it, and the situation is further strained. This silo-filled, tension-laced […]

DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager

Published on October 2, 2017 By sanna

You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it. When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are […]

DeepSec 2017 Keynote: Social Science First! – Dr. Jessica Barker

Published on August 24, 2017 By sanna

While the schedule is still preliminary, we have already some confirmations from our speakers. We are happy to announce Dr Jessica Barker as the keynote speaker for DeepSec 2017. Information security has a lot to do with interactions. Despite AI (a.k.a. Assisted Intelligence), „smart“ assistants (a.k.a. paper clips on steroids), and a metric ton of […]

Decline of the Scientific Method: New (Austrian) “Trojan” Law without Technical Expertise

Published on August 3, 2017 By sanna

The Crypto Wars are still raging despite everyone relying on secure communication. Everyone means everyone. The good thing is that mathematics still works, even though some people wouldn’t want it to. The latest cryptographic review comes from Amber Rudd, the current UK Home Secretary. She said recently: “Real people often prefer ease of use and […]

Unicorns in the Wild – Information Security Skills and how to achieve them

Published on July 27, 2017 By lynx

Everyone talks about information security, countering „cyber“ threats, endless feats of hackers gone wrong/wild, and more epic stories. Once you have realised that you are reading the news and not a script for a TV series, you are left with one question: What are information security skills? The next question will probably be: How do […]

Biometrics and Failures in understanding Security – Copy & Paste Iris Scans

Published on May 23, 2017 By lynx

Biometrics has an irresistible attraction. Simply by mentioning the fact that you can measure parts (or surfaces) of the body and convert them to numbers a lot of people are impressed out of their mind. Literally. In theory biometric information serves as a second set of data to be used for any purposes. A common […]

Disinformation Warfare – Attribution makes you Wannacry

Published on May 16, 2017 By lynx

After the Wannacry malware wreaked havoc in networks, ticket vending machines, companies, and hospitals the clean-up has begun. This also means that the blame game has started. The first round of blame was distributed between Microsoft and the alleged inspiration for the code. The stance on vulnerabilities of security researchers is quite clear. Weaknesses in […]

Wannacry, Code Red, and „Cyber“ Warfare

Published on May 14, 2017 By lynx

Society and businesses increasingly rely on networked infrastructure. This is not news. Worms that used networks to spread to new hosts in order to infect them is also not news. Code Red did this back in 2001. There is a new worm going around. Its name is Wannacry, and it is allegedly based on published […]