DeepSec 2024 Press Release: Choice of programming language does not determine IT security. NSA warns of memory errors while ignoring the majority of other security vulnerabilities

Sanna/ November 18, 2024/ Press/ 0 comments

There are over 900 clearly classified defects in software applications. Some of these are caused by memory errors, where code accesses memory areas incorrectly and subsequent errors can lead to crashes or other effects. In 2022, the US National Security Agency (NSA) warned against using the programming languages C and C++ in order to avoid memory errors. The recommendation is to use other programming languages that prevent these errors. This recommendation ignores reality, as these problems can no longer occur in modern, correct C++ code because of the language specification. Furthermore, the NSA’s proposal ignores existing code that is well tested and ready for production, as well as much more dangerous defects that are still possible in all programming languages.

Modern C++

Bjarne Stroustrup published the C++ programming language back in 1978, and it has continued to evolve


DeepSec 2024 Talk: “EU Cyber Resilience Act” – Maintain control and not just liability for your products – Michael Walser

Sanna/ November 11, 2024/ Conference/ 0 comments

The new EU Directive EU 2019/1020, also known as the “Cyber Resilience Act” or “CRA” for short, defines new rules for manufacturers of hardware and software with “digital elements”. For device manufacturers in the medical, industrial and entertainment sectors, the time to act is now. Security updates, vulnerabilities and an extended duty of care for the life cycle are now enforced by law. However, hardware production, such as IoT devices, poses new challenges. What many do not know: many vulnerabilities are due to physics and are not “bugs” in the conventional sense. As part of the “DeepSec Secure Coding” series, we put the spotlight on the challenges of developing secure hardware and show the vulnerabilities using the example implementation of a bootloader for embedded systems. How do you keep control over updates? What is “Secure


Press Release: Attacks On IT Through Desktop And Mobile Devices

Sanna/ September 7, 2022/ Press

DeepSec conference focuses on everyday devices as a risk for corporate IT.

Attacks on the digital infrastructure of companies, authorities and organizations are often staged as a cinema spectacle in the reporting. Unfortunately, the opposite is the case. A burglary in digital infrastructure happens without any broken glass or smashed doors. Attackers can only be successful if, on the surface, everything continues as before. They don’t come through the windows or the underground car park, but via everyday applications on the desktop or smartphone. This year’s DeepSec security conference is therefore trying to sharpen the view on everyday life in the office and at the workplace. Two-day training sessions are offered focusing on workplace hazards, as well as two days of lectures to bring you up to speed.

War for the desktop and personal devices

Few


Press Release: Digitalisation without Information Security has no Future

Sanna/ July 15, 2020/ Conference, Development, Discussion

DeepSec conference warns of unsafe software and insufficient knowledge of professionals.

The months in which we had to learn to deal with the effects of various quarantine measures on our everyday lives have decisively emphasized the importance of information technology. Although the Internet has long been an integral part of work and everyday life in many industries, the physical restrictions due to the Covid-19 pandemic could have been significantly more drastic for public authorities, the economy and society without modern telecommunications. Audio, video and chat platforms have prevented things from getting worse. The call for more digitalisation, however, lacks the most important ingredient – information security.

Published software is safe, isn’t it?

In the world of software development, there is an unofficial saying that a product is ready when you can install it. The rest
