Nov03

Back Online!

After some (very weird) technical problems with my server, my page and blog are finally back online. So please look out for upcoming posts, some are already in preparation!

Jul12

The Art of Unsuspiciousness

Attacks are getting increasingly sophisticated – not only wrt. the preparation and execution (e.g., advanced use of social engineering techniques), but also wrt. the exploited carriers. Malware out of the box Pre-installed malware can be found increasingly. E.g., have a look at the iPod, different USB sticks or sniffer malware installed within the firmware of 

Continue Reading →

Jun25

Global Cost of Cybercrime: $400 Billion

A study published by McAfee / Intel Security gives new estimations about the annual global cost of cybercrime. Three values are extrapolated, $375 billion in best case, $445 billion as mid, and about $575 billion as worst case. Of course, such estimations are very difficult to compile. Therefore, the study gives a good overview how 

Continue Reading →

Nov02

Dark Mail Alliance – Email 3.0

The Dark Mail Alliance is working on a new end-to-end encrypted protocol for email. The Alliance consists of Silent Circle and Lavabit, two mail services that closed down to protect their customers in context with the NSA spying scandal. In contrast to available solutions, the new protocol will be designed without the need for unprotected 

Continue Reading →

Oct19

Default Passwords…

Well, that was a surprise: the ICS-CERT obviously has the opinion, that default passwords are no vulnerability. Maybe it wouldn’t be as bad if someone else says such a (strange) thing – but it was the Industrial Control Systems Cyber Emergency Response Team. These guys are working in an important area of Cyber Security, so 

Continue Reading →

Oct17

For all the Whistleblowers out there…

The Freedom of the Press Foundation launched SecureDrop, an Open Source Submission Platform for Whistleblowers. It is a system to help journalists communicate anonymously. It can be installed as, e.g., a Contact Us page on a organization’s website. Two unique identifiers are used, one seen by the whistleblower and one by the organization. By that, 

Continue Reading →

Oct14

Skype – You never know what closed source does…

During the past months, Skype has been conspicuous again – it seems that they have allowed the NSA the access to their servers since 2011. In May 2013, The H Security reported that Microsoft accessed websites shortly after their URLs had been sent within a Skype session. First, this was interpreted as an automated analysis 

Continue Reading →

Oct13

TOR – Anonymity Online

‘Tor Stinks’ is an interesting but definitely not unexpected headline of a top-secret presentation of the NSA, as reported by the Guardian. This is in contrast to some articles which have been published during the past weeks, talking about the insecurity of the TOR service. For example, heise Security wrote that TOR users can be 

Continue Reading →