Are Passwords for Web Authentication Obsolete? Leakage of Passwords and API-Keys and Possible Solutions

Hardly any service today works without an API that allows users to log in and then use features that are not available to unregistered users. To do this, the user can create an account that is password protected. Services such as the Google Maps API also provide access interfaces to allow application developers to easily develop very helpful features and make them available to their users.


Social Bots – An Attack on Democracy?

Election campaigns are increasingly carried out in social networks to influence voters. Social bots are being used for this purpose, which raises the question of how much influence they have on voters and whether they can even endanger a democracy. Furthermore, the question arises as to who can be held responsible for this and how users of social networks can protect themselves against social bots.


Cryptomining Malware – How criminals use your devices to get wealthy!

Has your computer ever been slow and you couldn’t tell what the problem was? Nowadays, illicit cryptomining can cause those performance problems. It dethroned ransomware as the top cybersecurity threat in 2018 (Webroot Threat Report 2018). A simple website visit can start the mining process as JavaScript running in the background of the browser, or it can be started by malware accidentally installed on your computer. These two modes of illicit cryptomining are called browser-based cryptojacking and binary-based cryptomining. In both cases, hash rates can reach those of medium-sized mining farms. This blog article gives an overview of binary-based cryptomining malware, in which the mining process is embedded in the payload of a piece of malware. To gain a massive income, criminals hide it as well as possible, which makes it hard to detect. All the tools they need to start a malicious cryptomining business are easy to get in underground markets. For example, malware can be purchased for a few dollars (e.g. the average cost of an encrypted miner for Monero XMR is $35). We will also take a quick look at how companies are legally using cryptomining to monetize web content as an alternative business model.


The (in)security about speaker legitimacy detection

For most of us, voices are a crucial part of our everyday communication. Whether we talk to other people over the phone or in real life, different voices allow us to distinguish our counterparts, convey different meanings with the same words, and – maybe most importantly – connect the voice we hear to the memory of a person we know – more or less.

In relationships lies trust – and whenever we recognize something that’s familiar or well-known to us, we automatically open up to it. It happens every time we make a phone call or receive a voice message on WhatsApp. Once we recognize the voice, we instantly connect the spoken words to that person and – in case of a friend’s or partner’s voice – establish our connection of trust.


Social Engineering – Learn From the Best!


It isn’t always necessary to attack by technical means to collect information or to penetrate a system. In many cases, it’s more effective to exploit the human risk factor. To successfully protect yourself and your company from social engineering, you have to understand how a social engineer works. And the best way to do this is by listening to the world’s most wanted hacker, Kevin David Mitnick. Nowadays, the former social engineering hacker uses his expert knowledge to advise companies on how to protect themselves against such attacks. This blog entry is based on his bestseller “The Art of Deception: Controlling the Human Element of Security”. It sheds light on the various techniques of social engineering and enumerates several ways in which you can arm yourself against them.


Security and Usability: How to design secure systems people can use.

Security has reached a high level of importance due to rising technological standards. Unfortunately, this leads to a conflict with usability, as security makes operations harder whereas usability is supposed to make them easier. Many people are convinced that there is a tradeoff between the two. This results in either secure systems that are not usable or usable systems that are not secure. Though developers are still struggling with the tradeoff, this point of view is somewhat outdated. There are solutions that do help to design secure systems people can use.
