Malvertising – Part 1: Internet advertising basics

Imagine surfing the web on a normal, trustworthy website. At the top of the page you see an ad for something that interests you, e.g. the newest smartphone you like for an unbelievably cheap price. You click on the ad. Why wouldn’t you? You’re on a trustworthy site, after all. The ad turns out to be a hoax; there are no smartphones for a price that cheap. Over the next few days you notice some strange behaviour from your computer. It turns out your computer is infected with malware. How could this happen? In this case, you’ve been a victim of malvertising. Malvertising is a word composed of malware and advertising. As you probably already suspect, it means infecting users with malware via advertising on the internet. In this series of articles, I want to give you an introduction to malvertising, starting with some basics of advertising on the internet.

Continue reading

Exploring Docker Security – Part 3: Docker Content Trust

In terms of security, obtaining Docker images from private or public Docker Registries is affected by the same issues as every software update system: it must be ensured that a client can always verify the publisher of the content and that he or she actually got the latest version of the image. In order to provide its users with those guarantees, Docker has shipped with a feature called Docker Content Trust since version 1.8.
This third and last part of the series intends to give an overview of Docker Content Trust, which in fact combines different frameworks and tools, namely Notary and Docker Registry v2, into a rich and powerful feature set that makes Docker images more secure.

Continue reading

WhatsApp encrypts !?


The majority of the 1 billion monthly WhatsApp users may be a little confused about the tiny yellow info box in their familiar chat. End-to-end encryption? Is this one of those silly, annoying WhatsApp viruses, or maybe something good?

The first big question is “why”. Why do we need a (so complicated) WhatsApp end-to-end encryption? The most important answer is obvious: because the messages sent are highly personal and worth protecting against third-party attackers, or against Facebook/WhatsApp itself. From Facebook’s point of view there are some more reasons, like pressure from competitors or loss of trust by the users.

Continue reading

Secure Systems 2016 – An Overview, Walter Kriha


This is an attempt to provide an overview of the topics in “Secure Systems”, a seminar held during the summer term 2016 at the Stuttgart Media University HdM. Presentations were given and blog entries were written in our new MI blog. With the chosen topics we have been quite lucky, as some of them turned out to be in the headlines sometimes only a few weeks after the presentation. Examples were the Dark Web, wireless car keys, side channel attacks, operating systems security, software-supported racism and, last but not least, the threat of attacks on critical infrastructures like power grids and airports.

Open research questions about the topics will be discussed as well and you can find blog entries at

The seminar structure was roughly as follows:
1. Current topics and developments (what is happening in IT security, capability approaches compared to ACLs)
2. Infrastructure security (IT security in critical infrastructures like power grids, car production etc.)
3. IT security problems in other areas and branches (satellites, company infrastructures, law, data sciences, movies and literature, Dark Web, botnets etc.)
4. Ways to improve security:
– Basic problems (psychological factors)
– New languages (Rust, Elixir)
– New operating systems and containers (MirageOS, ChromeOS)
– New protocols (secure end-to-end messaging)

Continue reading

Botnets – Structural analysis, functional principle and general overview

This paper provides an overview of the most important types of botnets in terms of network topology and functional principle, as well as a short definition of the subject matter. By exploring the motivation of botnet operators, the reader will gain more insight into the business models and courses of action of key players in the field. Furthermore, essential botnet modules, major roles and infection vectors will be discussed in order to provide an overview. This paper will also treat the hiding, detection and decommissioning of botnets. Moreover, it will discuss in what sense botnets may be considered resilient systems and what countermeasures can be estimated in order to tackle future developments in the field of botnets.

Continue reading

Exploring Docker Security – Part 2: Container flaws

Now that we’ve understood the basics, this second part will cover the most relevant container threats, their possible impact and the existing countermeasures. Beyond that, a short overview of the most important sources of container threats will be provided. I’m pretty sure you’re not expecting most of them. Want to know more?

Continue reading

MirageOS is a new and rising trend when it comes to talking about cloud computing. More and more services are being relocated into modern cloud infrastructures, due to advantages such as reduced costs, maximum flexibility and high performance. Today’s services normally depend on big virtual machines (such as Ubuntu Xenial with a size of ~1,5 GB) with a lot of software on them. The service running on these virtual machines only needs a very small part of the software and dependencies that are installed. Moreover, the unneeded additional software running on the virtual machines offers a huge attack surface for attackers. Since data is often a highly valuable asset for a company and exposing it would lead to a huge profit collapse, security gains more and more importance. MirageOS is a minimalistic approach to kick out all unneeded layers and dependencies and deploy as little code as possible. This approach is highly efficient and fits perfectly into modern microservice architectures. If MirageOS is accepted by users in the future, it could possibly replace current approaches such as Docker or classic virtual machines in the context of cloud environments.

Continue reading

Exploring Docker Security – Part 1: The whale’s anatomy

When it comes to Docker, most of us immediately start thinking of current trends like microservices, DevOps, fast deployment, or scalability. Without a doubt, Docker seems to be on the road towards establishing itself as the de-facto standard for lightweight application containers, shipping not only with lots of features and tools, but also with great usability. However, another important topic is very often neglected: security. Considering the rapid growth of potential threats to IT systems, security belongs to the crucial aspects that might decide whether Docker (and containers in general) will be widely adopted by the software industry in the long term.
Therefore, this series of blog posts is about giving you an overview of the state of the art as far as container security (especially Docker) is concerned. But talking about that does not make much sense without a basic understanding of container technology in general. This is what I want to cover in this first part.
You may have guessed right: altogether, this will be a somewhat longer read. So grab a coffee, sit down and let me take you on a whale ride through the universe of (Docker) containers.

Continue reading