Wednesday, May 13, 2015 - 19:16

Bleep. Just more useless closed source cryptography

Bleep is a secure messenger for iOS, Android and for Windows and OSX desktops. The company behind it are the same guys who are behind BitTorrent, and Bleep is exploiting this fact, most notably with its decentralized approach. But ...
Saturday, May 2, 2015 - 14:54

Buffer Overflow puts Dreamliner's power generators to sleep

The problem doesn't seem to be as drastic under real conditions as it sounds, since it requires the plane to be powered for a full 8 months. On the other hand, the problem raises questions about the general quality of software development at Boeing or in the industry in general.
Sunday, February 22, 2015 - 02:48

GCHQ and NSA likely capable of attacking large volumes of cellphone communications

The Intercept came up with a story that should not be surprising. For some reason, however, we were surprised. And I'm no exception to that.
Friday, February 20, 2015 - 00:28

Pre-installed adware on Lenovo Laptops.

This stunt is absurd, bordering on surrealism. For some reason beyond me, Lenovo decided to pre-load Superfish Visual Discovery. In this form the software qualifies as adware.
Tuesday, February 10, 2015 - 14:53

MongoDBGate. When idiots are tasked way over their heads

Computer science students of the university of Saarland discovered nearly 40,000 unprotected MongoDB installations accessible from public networks.
Thursday, February 5, 2015 - 15:37

BMW ConnectedDrive hacked.

The reasons for security failures are legion and quite a few have one or more major fuck-ups at their root. This one however is a fuck-up of epic proportions in its own league.
Saturday, January 24, 2015 - 01:15

unserialize() vs. json_decode() in PHP. The exploit devil is in the detail.

For quite some time there has been a dogma battle going on over what to use. And some folks will still proclaim that json_decode is really just a slow unserialize. That, however, is not the only difference.
Monday, November 10, 2014 - 21:58

The BND and the purchased exploits

Reports are currently circulating that the BND is buying, or wants to buy, 0-day exploits in order to use them for intelligence gathering. Others do that too. For most of them it is a very stupid idea as well.
Saturday, September 6, 2014 - 20:26

JackPair: An open source and open hardware voice encryption dongle.

I stumbled upon this little gadget yesterday and I think I like it if they deliver on their open statement. The device encrypts audio between the headset and the phone's audio jack. So it's a hardware solution requiring both parties to own the device.
Friday, September 5, 2014 - 21:53

How secure is SmartTAN or ChipTAN?

A ruling by the Darmstadt Regional Court places the liability, in a case it heard, on the side of the harmed customer, because the customer had used SmartTAN.