In the course of attending the lecture “Secure Systems” I became aware of a blog post by Geoff Huston on how the Domain Name System (DNS) handles “no such domain name” (NXDOMAIN) responses and which possible attack vectors could result from this. His analysis showed how little effort is necessary to perform a Denial of Service (DoS) attack against random authoritative name servers. After a presentation on this subject I decided to delve a little bit deeper into this topic and I came across the fuss about the new DNS over HTTPS (DoH) protocol earlier this year. The juicy findings during my research inspired me to write an own blog post about it. As with any technology, there are two sides to every coin. It always depends on which perspective you take and what hidden agenda you may pursue. For that reason, this blog post is not intended as a critique of the DoH protocol itself, which can be a valued addition to the internet and appears to have helpful uses. Therefore, my focus was on how DoH might currently be implemented having regard to the overall context. Herein, I will not go into technical details of the DoH protocol and thus refer to the corresponding RFC 8484 containing all these information.Continue reading
600 million people – almost every tenth in the world – fall ill every year with contaminated food, 420,000 of them die (cf. World Health Organization 2019). The main reason for this are supply chains that can not be properly traced back to the source of the contamination (cf. Yiannas 2018). Experts say that the blockchain technology is capable of reducing these numbers drastically by increasing traceability in the supply chain. That’s why we wanted to take a closer look at the implementation and benefits of blockchain technology in supply chain management. We decided to build a prototype of an app using ethereum blockchain.
A brief introduction to the fundamental concepts of Erlang and Elixir
Ever since the first electronic systems have been created, engineers and developers have strived to provide solutions to guarantee their robustness and fault-tolerance. Thereof arose the understanding that developing and building a fault-tolerant system is not an easy task, because it requires a deep understanding of how the system should work, how it might fail, and what kinds of errors could occur. Indeed, it became obvious that successful error detection and management are essential for the accomplishment of fault tolerance. That is, once an error has occurred, the system might be able to tolerate it by replacing the offending component, using an alternative means of operation, or raising an exception. However, architectures relying on such approaches exhibited considerable complexity, and thus, resulted in unpredictable and less reliable systems. Consequently, the development of robust and error resistant systems has become an ongoing endeavor for engineers and software developers alike, who evermore intent to develop new approaches to solve this enduring problem inherent to complex systems.Continue reading
From time to time there are reports in the media about spy cameras in hotels rooms or in Airbnb apartments. These cameras are used to spy the gusts. But there are other spy gadgets then cameras, there are gadgets to attack wireless connections or to collect all keystrokes of a system.
In this article is a list of some spy gadgets and why some off them are illegal in Germany. At the end there are tips to protect against these spy gadgets.Continue reading
Hardly any service today works without an API that allows users to log in and then use features that are not available to unregistered users. To do this, the user can create an account that is password protected. Services such as the Google Maps API also provide access interfaces to allow application developers to easily develop very helpful features and make them available to their users.Continue reading
Election campaigns are increasingly carried out in social networks to influence voters. Social bots are being used for this purpose, which raises the question of how much influence they have on voters and whether they can even endanger a democracy. Furthermore, the question arises as to who can be held responsible for this and how users of social networks can protect themselves against social bots.Continue reading
For the most of us, voices are a crucial part in our every-day communication. Whether we talk to other people over the phone or in real life, through different voices we’re able to distinguish our counterparts, convey different meanings with the same words, and – maybe most importantly – connect the voice we hear to the memory of a person we know – more or less.
In relationships lies trust – and whenever we recognize something that’s familiar or well-known to us, we automatically open up to it. It happens every time we make a phone call or receive a voice message on WhatsApp. Once we recognize the voice, we instantly connect the spoken words to that person and – in case of a friend’s or partner’s voice – establish our connection of trust.Continue reading
It isn’t always necessary to attack by technical means to collect information or to penetrate a system. In many cases, it’s more effective to exploit the human risk factor. To successfully protect yourself and your company from social engineering, you’ve to understand how a social engineer works. And the best way to do this is by listening to the world’s most wanted hacker Kevin David Mitnick. Nowadays, the former social engineering hacker uses his expert knowledge to advise companies on how to protect themselves against such attacks. This blog entry is based on his bestseller “The Art of Deception: Controlling the Human Element of Security”. It sheds light on the various techniques of social engineering and enumerates several ways in which you can arm yourself against them.Continue reading
Security hit a high level of importance due to rising technological standards. Unfortunately it leads to a conflict with Usability as Security makes operations harder whereas Usability is supposed to make it easier. Many people are convinced that there is a tradeoff between them. This results in either secure systems that are not usable or in usable systems that are not secure. Though developers are still struggling with the tradeoff, this point of view is outdated somehow. There are solutions that do help to design secure systems people can use.Continue reading