Brussels / 3 & 4 February 2018


Security Theatre

The (mostly) unknown OSI Layer 8

Security is but a feeling. A feeling that the admin has when he's leaving at beer o'clock. And mostly the biggest risks for the assets he has to protect are not of technical nature.

This talk is full of examples, findings and revelations of twenty years of training, consulting, and being an investigative journalist. From passwords to Kerberos servers, from VPNs to the Dark net and anonymity, the hack in the German Bundestag and why it will happen again. Why Google is afraid, why modern hardware sucks, why most VPN services are not worth a cent. How to circumvent the great firewall of China. Eight years in Journalism have given me lots of anecdotes to tell.

All these stories have one thing in common: The biggest security risk sits in front of the computer. OSI Layer 8, and pretty often you can achieve more working on this layer. Almost always the same amount of time and money is better invested here, but there's so many myths around. Oh, and did I mention why responsible disclosure is bullshit? And of course, management comes in. I will explain the terms "Blameware" and "backdoor-friendly" (a retronym for proprietary).


Photo of Markus Feilner Markus Feilner