Forgot about t2 | Program beta out now

It’s pretty crazy that even Dr Dre managed to release new music since the last time t2 was organized. The 3.5 years without a conference definitely put a dent on the proverbial ’64 Impala, despite a steady stream of releases from our favorite artists. Even FSMCs performed live!

“They wanna know if AB still got it,
They say confs’ changed, they wanna know how we feel about it”

— Still t2

Coming back from the cold, CFP was one of the hardest ones we’ve had so far. The most brutal reviews and expectations for whether we curated a relevant program consisting of decent content or not comes from within the AB. “Why is that?” you ask sitting on a comfortable lobby bar sofa.

The Advisory Board of t2 has always had an aspirational goal of some day achieving certified status with the prestigious Security Vacation Club, yet we have decided to not submit an application until we can demonstrate a track record of at least twenty successful events.

On practical terms, using random puzzle pieces to put together a sensible picture, isn’t just dependent on the quality of individual pieces. It also depends on other ones on the table at the same time.

Right now we feel there’s a credible set of heavy hitters to warrant publishing our program in beta. Having said that, we are still working on it to make sure there’s the right recipe in the mix to facilitate those lobby bar discussions.

We still have about 25 tickets left. If you plan on attending and have not yet bought a ticket, it’s more or less the perfect moment (and second-to-last chance to do). The closer the event gets, the more likely it is someone comes and just buys 5+ at a time.

And yes, it’s on – with additional small print: a t2 Scarab challenge winner who uses a white ’86 Testarossa for ground transportation during the whole duration of t2’23 receives a free entry to t2’24 and t2’25.

t2’19 speakers confirmed

The CFP is over for this year and the speaker lineup is ready for your reading pleasure.

Without sounding too enthusiastic for a Finn, it’s difficult not to get excited when there are entries on the agenda like the keynote from John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center. A seasoned t2 attendee might remember him from sparking the original inspiration behind olleB’s t2’15 talk ”If attackers think in graphs, why can’t we?”.

Looking at the schedule, it’s both refreshing and rousing to see research targeting wireless input devices and VPN clients. Both could easily be dismissed during target selection as mature technology, yet here we are. Having said that, there’s still a healthy focus on modern and up-and-coming tech in the agenda, such as using machine learning for vulndev.

Traditionally this post always ends with a gentle reminder to get your ticket early. The sales have been open for a couple of months and a good chunk of the tickets have already been sold. If you haven’t bought yours already, there’s not a better time for action than right now.

Halvar Flake keynote

The advisory board and organizers of t2 are honored and pleased to have Halvar Flake deliver the headlining keynote for the 15th anniversary edition of the event. His speaking history with t2 starts in 2005, and Halvar is certainly recognized as one the luminaries in the field. The following teaser provides a taste of what to expect.

Risks, Damn Lies, and Probabilities

IT continues to bring pervasive change to our societies, industries, and everyday life. This transformation also brings individualized and complicated risks to individuals, companies, and to societies.

IT security is, to some extent, charged with managing these risks. But for an industry tasked with managing risk, we are pretty unstructured in thinking about risk, accounting for risk, and most of all: Holding ourselves and other tech executives accountable for estimates of risks and their probabilities.

The IT industry is often incentivized to incur risks on behalf of others – and to underestimate the actual magnitude of these risks. Customers are either not empowered or not incentivized to challenge excessively rosy risk estimates. Entire executive careers in IT are built on underestimating risks incurred for others.

This talk will cover my observations about the ways we think sloppily about risk and harm, about the IT industries’ lack of risk management for systemic risks, and some thoughts about holding IT industry executives accountable for their risk estimates and decisions.

— Halvar Flake

t2’18 schedule online

The schedule for 2018 is now online.

We are extremely excited to have two excellent keynote speakers. The headlining keynote comes from none other than Halvar Flake himself, and Friday starts with a live action keynote by Viss. While we don’t officially have tracks as such, the themes revolve this year around machine learning, hardware, and vulnerability research, with a mix of exploitation and lessons learned.

It’s funny how things come together – we were never going for a classic t2 lineup, but ended up getting one nevertheless. Regular visitors and long time friends might notice that the list of speakers revisits 2005, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, and 2017. All in all, seven talks out of thirteen are given by people who have been with us before, many of them several times. As such, we feel this suits the 15th anniversary celebrations well.

Slightly over 30% of the tickets were sold during the summer, and since 2014 we’ve been sold out one to two months before the event. Register now.

Morgan Marquis-Boire keynote 2015

Edit: While the content has aged little, our keynote speaker choice failed on a catastrophic level. We are leaving this post and video up in the name of transparency.

“Those who cannot remember the past are condemned to repeat it.”

— George Santayana, The Life of Reason: The Phases of Human Progress – Vol. I, Reason in Common Sense. 1905

In this 2015 keynote headhntr aka Morgan Marquis-Boire philosophizes on nation state attacks, their history, how hackers operate, and the nature of the Internet. As with all philosophical content and/or keynotes, very little has fundamentally changed since the talk.

Is modern technology the Panopticon? What is the East Germany tipping point of today? Do you agree with Morgan at all? Watch the keynote and let us know on the Twitter with #t2infosec !

Trigger warning: Some slides TS/SI

Dave Aitel keynote

Those who actually read the CFP announcement might have noticed the fine print in the footnote section where we announced this year’s keynote. Like having an IRC gateway from a BBS group chat, we’re trying to stay modern and understand that since time is money and everybody wants a TL;DR which fits a tweet, we need to provide one:

Breaking: Dave Aitel giving the headline keynote at t2’17! #t2infosec #cyber #leftoflaunch #dailydave #voiceofreason #buffythevampireslayer

In other words, we’re continuing the tradition of inviting former @stake / NSA employees / DailyDave posters  to speak at t2. If you’ve been reading mailing lists and not just clicking on random links from Twitter, you will probably agree that people who have been long enough in the game often have the kind of insight you can only get by having been there and done that. It is our pleasure to welcome Dave Aitel to deliver the keynote this year.

In case you were born after Miami Vice originally aired, do some googling and figure out a way to mention GOBBLES and our keynote speaker in the same sentence.

Electronic emanations explained

Some of us are young/old enough to have spent too much time browsing through Cryptome archives in the late 90s and being amazed by documents about ECHELON and TEMPEST. Yet, it only took a couple of decades to see those unravel before our very eyes.

Compared to many other security topics, open source information available on electromagnetic intelligence cannot be described as extensive nor comprehensive. Luckily, the talented researchers from Tel Aviv took public research to a new level by demonstrating their 300 USD pita bread.

The setup brings practical attacks to class rooms and coffee shops near you. This time paper and pencil are recommended for taking notes.