Posts in category “Security”

Ransomware vs. Antivirus

Category: Security - 03.09.2017

Ransomware has been an emerging threat for the last years. In May this year, a specific Ransomware called WannaCry brought news back onto this topic. While working on a paper on ransomware, I did some research on how ransomware attacks can be prevented - or how malware can be hidden from Antivirus software.

Read this post in about 5 minutes

Still using HTTP? That’s so 2015…

Category: Security - 25.04.2016

Since the launch of Let’s Encrypt CA in late 2015, obtaining TLS certificates has become cheap, quick and easy. Statistics this month showed Let’s Encrypt has yet issued nearly 1.8 million certificates. But it seems like this information hasn’t arrived at some website owners and API developers.

So I wrote a little script to poison DNS requests and let a little node.js script exchange all pictures requested by the victim (I will perhaps blog about this script another time). Sites and apps using TLS are perfectly fine, because they will reject connections to the fake webserver without a valid certificate. Without transport security, things get mad.

Read this post in about 1 minute

Adobe patches Flash - again

Category: Security - 12.03.2016

Adobe just released some new security-related patches for their Flash Player.

My question here is not “why again”, because I expected that. We all expected that. The real question is - who the hell still uses flash? And why are guides like “This is how you secure your flash installation now” so popular? (The expression “security hole” is always particularly funny; that’s obviously no hole here, because a hole clearly has an edge ;) )

The times when you needed Flash for watching YouTube videos are gone (they support HTML5 since, uh…) and they even set HTML5 as default in early 2015. So please stop writing tutorials on how to secure flash and start writing tutorials on how to use other technologies. Thanks.

Read this post in less than 1 minute