Usable Security – Users are not your enemy

Introduction

Often overlooked, usability has turned out to be one of the most important aspects of security. Usable systems enable users to accomplish their goals with increased productivity, fewer errors and fewer security incidents. And it still seems to be the exception rather than the rule.

When it comes to software, many people believe there is a fundamental tradeoff between security and usability. A choice between them has to be made. The belief is – make it more secure – and immediately – things become harder to use.

It’s a never-ending challenge – security and usability experts arguing about which one is more important. More people from the engineering and marketing departments then get involved, giving their views and trying to convince the others. Finding the right balance between security and usability is without a doubt a challenging task.

The serious problem: User experience can suffer as digital products become more secure. In other words: the more secure you make something, the less secure it becomes. Why?

Embedded Security using an ESP32

Ever wondered why your brand-new Philips Hue suddenly starts blinking SOS?

Or why there is an ominous Broadcast on your Samsung TV while watching your daily Desperate Housewives?

And didn’t you wear an Apple Watch a few minutes ago, and why did you buy 2 TVs in that time?

Security of smart and embedded devices is one of those topics everyone has heard about – be it good or (more likely) bad.

Let us take a journey down the rabbit hole and find out how such devices handle security today and how we can improve that. On that journey, we will visit 5 points which, in all fairness, are going to be quite technical.

Cloud Security – Part 2: The vulnerabilities and threats of the cloud, current scientific work on cloud security, conclusion and outlook

I’m glad to welcome you to the second part of two blog posts about cloud security. In the first part, we looked at the current cloud market and learned about the concepts and technologies of the cloud. Thus, we created a basis for the areas of this post in which we will now deal with the vulnerabilities and threats of the cloud, have a look at current scientific work on the topic and finally conclude with a résumé and an outlook.

Once again, I hope you enjoy reading! 🙂

Cloud Security – Part 1: A current market overview and the concepts and technologies of the cloud

Welcome to the first of two blog posts that will deal with the latest developments in cloud security.

In this post, we will initially look at the role the cloud plays in today’s market and why it is important to deal with the security of the cloud. In order to address the security aspects, we need to know how the cloud works, so we’ll then take a closer look at the concepts and technologies used in the cloud.

Once we know the technologies of the cloud, we will consider their weaknesses and threats in the next post. To this end, we will try to identify the weaknesses of the cloud as far as possible, and we will look at a list of threats that companies can face when using the cloud. After that we will review scientific papers that currently deal with the issue of cloud security. Finally, we will summarise, draw a conclusion and look ahead to potential future developments in the area of cloud security.

And now I hope you enjoy reading! 🙂

FOOLING THE INTELLIGENCE

Adversarial machine learning and its dangers

The world is led by machines; humans are subjected to the robots’ rule. Omniscient computer systems hold control of the world. The newest technology has outpaced human knowledge, while mankind is powerless in the face of the stronger, faster, better and almighty cyborgs.

Such dystopian visions of the future often come to mind when reading or hearing the latest news about current advances in the field of artificial intelligence. A lot of Sci-Fi movies and literature take up this issue and show what might happen if the systems become more intelligent than humans and develop their own mind. Even the CEO of SpaceX, Tesla and Neuralink, Elon Musk, who is known for his innovative mindset, has a critical opinion towards future progress in artificial intelligence:

If I were to guess what our biggest existential threat is, it’s probably that. So we need to be very careful with the artificial intelligence. […] With artificial intelligence we are summoning the demon.

Elon Musk


Predictive Policing – a critical-negative forecast

In this blog post I want to address the dangers that predictive policing could cause if it is regarded as scientifically sound and deployed without reservation.

Predictive policing means ‘forward-looking police work’ and has been a popular buzzword in connection with burglaries, and not only since the ten-point plan of Martin Schulz and the SPD. It attempts to recognize patterns in offences and to use them to make predictions for the future. To this end, various data are collected and probabilities are calculated using statistics and social research.

Social Engineering: Firewall-Rules for your brain – Part 2

In the first part of this series you learned which behavioral patterns are usually used to influence humans. Those patterns are the basis of a Social Engineering attack and can usually be detected by a trained person. In the second part we will examine much more sophisticated influencing techniques. Those techniques are very tricky to detect and pose a greater threat to your brain’s internal firewall.


Social Engineering: Firewall-Rules for your brain – Part 1

Humans can be regarded as one of the biggest weaknesses for secure systems. Their interaction with technology and their awareness of information security usually make them the “weak link” for gaining access to enterprise networks and private information. From an attacker’s point of view, the investment of using a human to hack a system is much cheaper than searching for 0-day exploits or unpatched vulnerabilities. That’s why the art of human hacking, called Social Engineering, has become an important threat factor for secure systems.


Blockchain – Revolution or hype?

Welcome to our journey through the blockchain, which since the emergence of Bitcoin has been one of the most trending topics of the global digital village. After reading this blog post, you’ll have a basic understanding of the technology and a wide overview of future use cases, and you’ll be able to differentiate between realistic potential and hype.

In the first part we explain the blockchain technology, for everybody who’s not that deep in the topic or needs a quick recap:
What is a transaction?
What’s inside a block?
How does the Merkle tree work?
Why do we need a proof of work?

In the second part we take a closer look at the future of the blockchain:
What are Proof-of-Stake, Casper and Algorand?
What are the risks and opportunities of the technology?
Where are the future use cases of the blockchain?
Is there a blockchain revolution or just another hype?