DeepSec 2016 Call for Papers – Reminder – 24h to go!
The Call for Papers for the tenth DeepSec conference officially ends in 24 hours. This is a gentle reminder to submit your presentation or your kick-ass workshop.
3007, 2016
2107, 2016
Intelligence on the Silver Screen: A Good American Kickstarter Campaign
Surveillance has a bad reputation. No one likes to be watched. Yet infosec researchers, sysadmins, and developers talk a lot about log files. We need to watch stuff for various reasons. You got your mail logs, diagnostic messages, performance metrics, network addresses, and more painstakingly sorted by timestamps and maybe geolocation. Log data is part of information technology. It gets interesting once you store, process and mine this data. Some people like to collect it all and do all kinds of Big Data stuff with it. Others filter out the relevant bits of information and work with that. Opinion is divided, results may vary. Enter A Good American, the documentary which was screened in Vienna during the DeepSec 2015 conference. It has been shown all over the world. The film itself is fully funded,
0406, 2016
BSides London 2016 – Schedule
In case you haven’t noticed, the London BSides schedule is up. The Rookie track starts right with the most important part of information security – opsec. Behaviour is on a par with expensive security hardware and your favourite protection software. Wearables, video games, hidden data, malware mythbusting, and more follow next. The main schedule features presentations about the impact of TOR/I2P traffic to your servers (think or best forget about CloudFlare), methods used by options advanced attackers, attacking Low Powered Wide Area Network (LPWAN) devices used for smart / IoT stuff, malicious software, static code analysis, threat analysis, the temptation of containers, and honey pots. There’s ample of content for everyone looking for new ideas. Don’t miss the opportunity!
1805, 2016
The Didactic Side of Information Security
Explaining complicated topics with a lot of dependencies is hard. Even the operation of devices such as computers, telephones, or cloud(ed) applications can’t be described in a few sentences. Well, you can, if you use the tried and true lie-to-children method coined by Jack Cohen and Ian Stewart. If you really want to dive into a subject, you need a good start and a tour guide who knows where the terrain gets rough and helps you through it. Information technology and its security is hard to learn. The basics are surprisingly simple. Once you get to the implementation and the actual parts that need to be touched, it gets a lot more complicated. Modern IT combines various technologies, most taken from computer science, others taken from other fields of research. The starting point defines
1504, 2016
DeepSec 2016 Call for Papers is officially open!
DeepSec 2016 is coming! We have set up the Call for Paper manager to accept your submissions for talks and workshops. Keep the „cyber“ distractions low, maximise content. DeepSec is all about hard facts and solid research. The Internet of Stuff/Things has gained momentum. Given the current IoT security designs, this technology will keep security researchers busy for decades to come. Tell us how to break the smart home of the future. The Crypto Wars are on again. Forget quantum computers! Think about how crypto will work in the age of golden keys and backdoor privileges. Of course you can also talk about the state of cryptography and post-quantum algorithms. DeepSec has always had a decent crypto content. We will give you some more ideas on what to submit in the course of the
0104, 2016
FBI, NSA, DoD and CDC join forces to combat Cyber Pathogens
The world economy is threatened by a new strain of microorganisms. These so-called cyber pathogens spread via networks and the touch of digital devices. They can also lie dormant for days and months, only to spring to life when the victim’s immune system is at its weakest point. It is widely believed that cyber pathogens can infect the population of a whole country and wipe it completely off the grid of the Earth. Current antidotes can only treat the symptoms. The best way to get rid off the pathogens is to resort to physical means and destroy every surface it can cling to. Amputation of infected tissue also works. Unless security researchers will find a suitable vaccination soon, every single one of us is at risk. The cyber pathogen threat is the reason for
2701, 2016
DeepSec Video: The German Data Privacy Laws and IT Security
Data protection and information security are often seen as different species. Why? Where is the difference between protection, defence, security, and offence? There are a lot of relations between the terms. Stefan Schumacher (Magdeburger Institut für Sicherheitsforschung) gave a presentation at DeepSec 2015 on how to link privacy with security: „Hesse introduced the first data privacy law in the world in 1970. Since then, the German data privacy laws evolved over time and led to the creations of several tools and methods to protect private data. Though it is aimed at data protection it can be utilized for IT security. This talk introduces the data privacy law and it’s main ideas. This presentation will also show how it can be used to further IT security especially in the SME sector. This mostly refers to
2601, 2016
Last Chance to See: RuhrSec Early Bird Tickets
If you have no money but some time to spare, you should head over to the RuhrSec ticket shop and get yourself some freshly issued Early Bird tickets! Our friends in Bochum have a decent schedule for you. Inevitably the Internet of Things gets broken (again), you hear more about TLS v1.3, caches get a thorough Rowhammer beating, Eve pays a visit to your WebTRC talk, and more security wait for you. RuhSec takes place on 28 and 29 April 2016. The location is the Veranstaltungszentrum, Ruhr-Universität Bochum, Universitätsstraße 150, 44801 Bochum. Google has a map for you as well.
0611, 2015
Endangered Species: Full Disclosure in Information Security
History, fictive or real, is full of situations where doubts meet claims. Nearly every invention, every product will be eyed critically, analysed, and tested. There are even whole magazines fully dedicated to this sport, be it for example, consumer protection, reviews of computer games or the car of the year. When it comes to testing the sector of information security is particularly sensitive. Depending on the hard- or software concerned, testing is not only about comfort or in search of a particularly good storyline, but about incidents, which can cause real damage in the real world. How should one deal with the knowledge of a design flaw affecting the security of a system? Locks In 1851 the American lock-smith Alfred Charles Hobbs visited the Great Exhibition in London. He was the first to pick
0709, 2015
DeepSec 2015 Schedule is almost stable & BSidesVienna CfP Deadline
The schedule of DeepSec 2015 is almost done. We’re still reviewing submissions and talk to authors. We are confident to call the schedule stable soon. Until this happens, we will describe the presentations and trainings with a little more detail here. Take a good look, but don’t wait too long before booking a ticket. The workshops can only accommodate a limited amount of attendees. Don’t miss the opportunity! We also like to point out that the Call for Papers for the BSidesVienna event is ending on 15th September 2015! If you have interesting content, please submit!
1511, 2014
DeepSec 2014 Talk: Why IT Security Is ████ed Up And What We Can Do About It
Given the many colourful vulnerabilities published (with or without logo) and attacks seen in the past 12 months, one wonders if IT Security works at all. Of course, 100% of all statistics are fake, and only looking at the things that went wrong gives a biased impression. So what’s ████ed up with IT Security? Are we on course? Can we improve? Is it still possible to defend the IT infrastructure? Stefan Schumacher, director of the Magdeburger Institut für Sicherheitsforschung (MIS), will tell you what is wrong with information security and what you (or we) can do about it. He writes about his presentation in his own words: Science is awesome. You aren’t doing science in infosec. Why not? Seems to be the overriding message of @0xKaishakunin #AusCERT2014 This was one tweet about my talk
2402, 2014
DeepSec 2013 Video: Future Banking And Financial Attacks
Predicting the future is very hard when it comes to information technology. However in terms of security analysis it is vital to keep your head up and try to anticipate what attackers might try next. You have to be as creative as your adversaries when designing a good defence. This is why we invited Konstantinos Karagiannis (BT) to DeepSec 2013. Konstantinos has specialized in hacking banking and financial applications for nearly a decade. Join him for a look at the most recent attacks that are surfacing, along with coming threats that financial organizations will likely have to contend with soon.
1902, 2014
DeepSec 2013 Video: Risk Assessment For External Vendors
CIOs don’t like words like „third party“ and „external vendor“. Essentially this means „we have to exchange data and possibly code with organisation that handle security differently“. Since all attackers go for the seams between objects, this is where you have to be very careful. The fun really starts once you have to deal with confidential or regulated data. So how do you cope with doing this and still keeping an eye open for risk, compliance, and efficiency? Good question. At DeepSec 2013 Luciano Ferrari (Kimberly-Clark Corporation) addressed these issues in his presentation. He has developed a process that deals with global Risk Assessment and increases the trust in and the security of your data. However: Data security can only be achieved if all units of an organization cooperate – and with a change
3001, 2014
DeepSec 2013 Video: Effective IDS Testing – The OSNIF’s Top 5
Intrusion detection systems can be a valuable defence mechanism – provided you deploy them correctly. While there are some considerations to your deployment process, these devices or software installations require some more thought before you choose a specific implementation. Testing might be a good idea. If you want to detect intruders, then it would be nice if your IDS can do the job. How do you find out? Well, in theory you could use the specifications of the IDS systems as published by the vendors/developers. In practice this information lacks the most important figure: How many intrusions can you detect in a given time frame? True, you have to deal with specific signatures of attacks, so comparing isn’t easy provided you take different sets of rules. Then again some IDS engines have their own
0711, 2013
DeepSec 2013 Talk: Future Banking And Financial Attacks
Hey, you! Want to know a secret? Your adversaries are after money. Taken the „cyber shoot-outs“ of governments aside, no sophisticated attack happens without economical benefits. Attackers don’t care where the money comes from. However they care for efficiency. They do not compromise web server after web server to hope for some loot which can be turned into profit. Instead they go after the places where people store and move their money. Financial institutions have been battling attacks against their customers and their infrastructure since their services entered the Internet. It’s an arms race, and if you are involved you need to keep up. We are proud to have Konstantinos Karagiannis at DeepSec 2013 talking about the future of banking and financial attacks. Advanced User Enumeration and DDoS Every attack needs a proper target.