Tag Archive

DeepSec 2013 Video: Trusted Friend Attack – (When) Guardian Angels Strike

Published on February 6, 2014 By René Pfeiffer

We live in a culture where everybody can have thousands of friends. Social media can catapult your online presence into celebrity status. While your circle of true friends may be smaller than your browser might suggest, there is one thing that plays a crucial role when it comes to social interaction: trust. Did you ever […]

DeepSec 2013 Talk: Risk Assessment For External Vendors

Published on November 6, 2013 By René Pfeiffer

No man is an island. If this is true for every single one of us, then it is also true for companies. Modern enterprises have business-to-business (B2B) relations. They are at the centre of a network of suppliers and other vendors. Information flows between the players since they need to exchange data. What […]

Of CAs, DLP, CSRs, MITM, inspection and compliance

Published on February 16, 2012 By René Pfeiffer

Writing about certificate authorities is slowly turning into beating dead horses. We have seen a couple of security breaches at CAs in the past. We have witnessed security researchers turning to SSL/TLS. Fairly recently researchers have put RSA keys to the test and found common prime factors in thousands of keys. Now we have a […]

Lessons in Trust and Malicious Code from the Staatstrojaner

Published on October 31, 2011 By René Pfeiffer

Since it is Halloween we will beat an undead horse in our blog today. Zombies are all the fashion both in literature and on your computer. The question is: Are all zombies alike? Are there good and bad zombies, or only bad ones? How can you distinguish between good and evil intentions if all you […]

Talks held at the Linuxwochen Wien

Published on May 8, 2011 By René Pfeiffer

MiKa and I held three talks at the Linuxwochen Wien 2011. The scheduled talks were “VoIP Security” and “The Wind Chill Factor of Security”. The third talk was a review of the trust models used with X.509 certificates and issued by certificate authorities. The review was a drop-in replacement talk for a speaker who did […]