National-Security-in-the-Middle Attack – the Crypto Wars continue

Posted by on December 3, 2015 at 3:29 pm

National security has officially reached the SSL/TLS infrastructure – at least in Kazakhstan. The Google cache features an article published by the Kazakhtelecom JSC where the introduction of a so-called national security certificate for Internet users was proudly announced. We show you some parts of the original text for educational purposes, because we have never seen the announcement […]

Social Engineering: Cold Call Warning (EHS, EHM)

Posted by on September 8, 2015 at 10:35 am

While we have a workshop on social engineering for you at DeepSec 2015, we do not do any trainings or exercises before the DeepSec event starts. A speaker alerted us that he got a cold call from a company offering cheap rates for accommodation. In case you have received any call from Exhibition Housing Management […]

Dual Use Equation: Knowledge + Vulnerability = “Cyber” Nuclear Missile

Posted by on June 21, 2015 at 10:49 pm

We all rely on software every  day, one way or another. The bytes that form the (computer) code all around us are here to stay. Mobile devices connected to networks and networked computing equipment in general is a major part of our lives now. Fortunately not all systems decide between life or death in case […]

High Availability is not Redundancy

Posted by on October 11, 2012 at 2:55 am

This is about the “A” in the CIA triad of security: Confidentiality, Integrity, Availability Just recently I was a witness of an incident where the failure of a perceived redundant system caused an outage of more than 5 hours of the central IT services of a multinational/intercontinental enterprise. Vital services like VoIP calls and conference […]

Five Million, quick and easy!

Posted by on February 19, 2012 at 11:47 pm

A good friend and former colleague of mine asked me recently, whether I could give him a tip how to make 5M quick and easy. My answer was “Nothing I could think of which doesn’t involve a lot of nasty things and imply a long stay in jail”. But that’s not what I wanted to […]

0zapftis revisited – 0ktoberfest for Security Researchers

Posted by on October 11, 2011 at 9:38 pm

The CCC analysis of the malicious software bought and used by the German government has put our blog schedule and RSS reading habits out of balance. Frankly our necks hurts because we constantly shake our heads since the PDF of the analysis was published. We have talked to journalists who showed interested in the design […]

Analysis of Governmental Malware

Posted by on October 9, 2011 at 2:22 pm

There is a ongoing discussion about the use of malicious software for criminal investigations. German and Austrian agencies use the term „Online-Durchsuchung“ (online search) or „Quellen-Telekommunikationsüberwachung“ (source telecommunications surveillance) for investigative measures that cover the source of telecommunication messages (which is usually a suspect’s computer or telephone). In context with malicious software used for this […]

When Blackholes backfire…

Posted by on September 15, 2011 at 3:29 pm

According to our current scientific folklore nothing will ever come out of a black hole, no matter or particles, no light, no information. But black holes in networking  can backfire from time to time. Of course I’m talking about “black-holing” Internet traffic, a strategy often used on backbones to defend against attacks, specifically flooding, DDoS […]