Category: Secure Systems
Defense in Depth: a present time example
In this post, we want to take a look at the concept of defense in depth. To do so, we are going to examine Chrome OS, the niche operating system for web users.
Security aspects in the context of drones
Imagine you are sitting on your balcony after a stressful working day. Your legs on a chair, an ice-cold beer in your hand and the afternoon sun on your face. Suddenly the light darkens and a soft buzz fills the air, constantly getting louder and more annoying. A cold breeze causes goosebumps on…
Rust – fast and secure
Rust, a fairly new programming language, promises to be fast and secure. The following blog entry discusses how Rust tries to achieve these two goals. The key concept is that every resource always belongs to exactly one variable. More precisely, one lifetime, which is normally created automatically on variable creation. The concept of lifetimes would…
IT-Security in film and fiction
Probably everybody with a background in computer science has already seen a Hollywood blockbuster or read a critically acclaimed book that alluded to IT security. It is a popular topic that lets authors play with the expectations and fears of the audience. Government agencies are hacked within seconds, security failures happen everywhere, destructive malware infects machines on…
Incognito in the dark web – a guide
“Big Brother is watching you”, “data kraken” or “the transparent man” are often used as catchwords when talking about shrinking privacy on the internet. This blog post will show a possible way of protecting the anonymity and privacy of users on the internet. A possible way to do so is to access the…
How is XSS still a thing?
Back in 2005, the words ‘But most of all, samy is my hero’ caused great agitation among MySpace engineers as Samy Kamkar injected a Cross Site Scripting (XSS) worm into the social network. The attack consisted of an infected user publishing a post on their MySpace page showing these words honoring its creator, and of…
The Elixir Programming Language
An introduction to the language, its main concepts and its potential. The number of security incidents has been on the rise for years, and the growth of the Internet of Things is unlikely to improve the situation. Successful attacks on all kinds of interconnected smart devices, from car locks to home security systems to highly…
Side-channel Attacks
This post will give you an introduction to side-channel attacks by looking at some common vulnerabilities and concrete attacks that try to exploit them. But first: what actually is a side-channel attack in general? A side-channel attack is an attack on a system, most probably a “secure” system, that extracts secret data by using…
Web App – File Upload Vulnerabilities
Today we will discuss file upload vulnerabilities, a topic that is widely underestimated by developers. First, we will imagine a website on which it is possible to upload images in formats such as .jpg, .png, .gif and so on. If an application does not have proper form validation for file uploads, an attacker is able to gain…
Keyless Gone – Vulnerabilities in keyless car systems
(written by Antonia Böttinger and Andreas Gold) Introduction: Modern cars embed complex technologies to improve the driver's comfort and safety. In 1999 the automobile industry introduced the smart key system that more and more cars use. Although manufacturers use various designations such as Keyless Go, KeyFree Power or Smart Key, the technique is…