Category Archives: IT Security

Any security related topics such as posts about vulnerabilities, malware, rootkits

FIDO2 für Kreditkarte (Sparkasse). Aber nicht mit Linux!

Im letzten Jahr hatte ich eine Kreditkarte bei der Sparkasse beantragt — Mastercard war das einzige was im Angebot war, aber gut. Also beantragt und direkt nach Erhalt einmal benutzt. Schon der zweite Versuch ging in die Hose, da aufgrund … Continue reading

Posted in DE, IT Security, Meinung | Tagged , | 7 Comments

ASR rule “Block Win32 API calls from Office macros”

Microsoft says it’s fixed. It may be, but I think there’s more to it than meets the eye. Colleagues of mine noticed that, aside from shortcuts disappearing, Defender also started acting up on TortoiseProc.exe from TortoiseSVN. Notably, checkouts would fail … Continue reading

Posted in Administration, EN, IT Security | Tagged , , | Leave a comment

Certum Open Source Code-Signing certificate

In the past I used a variety of code-signing CAs. But for a few years now I am using Certums affordable offer for Open Source developers. Let’s assume you already have their latest hardware and merely want to renew or … Continue reading

Posted in EN, IT Security, Software | Tagged , | Leave a comment

FLOSS-Developers gone bonkers?

So as I understand under the hashtag #StandWithUkraine some idiots have started supply-chain attacks, targeting Russian and Belarussian targets. I’ll leave the exercise to find the respective repos on GitHub to the inclined reader. Has everyone gone bonkers now? Aside … Continue reading

Posted in EN, IT Security, Opinion, Software, Thoughts | Tagged | Leave a comment

Unprofessional, hopeless, Sectigo

In February I applied for an AuthentiCode code-signing certificate for personal projects. I decided to go with KSoftware, a reseller of Sectigo certificates. That was February 15th. TL;DR: More than two months and dozens of emails later I’m none the … Continue reading

Posted in EN, IT Security, Opinion, Software | Tagged , , | Leave a comment

Swiss companies and IT security

Given there’s a rather (in?)famous Swiss messenger touted as secure — but not open source — and the same was said about Crypto AG products until someone lifted the lid off the conspiracy surrounding that I’m wondering how one can … Continue reading

Posted in EN, IT Security, Thoughts | Leave a comment

GnuPG

Recently I ran across a little problem with GnuPG which required some pragmatic solution. I came across a patch that looked promising and because no binaries were provided and if they had been I would not have trusted them, I … Continue reading

Posted in EN, IT Security, Privacy, Software | Leave a comment

Finally … (adblocking)

I’ll out myself as iPhone 5s user now. I bought it with a German vendor who specializes in used and refurbished devices, not just from Apple. The latest update to iOS brings two features I really like: accommodates ad-blockers and … Continue reading

Posted in EN, IT Security, Opinion | Tagged , | Leave a comment

Oh my, shock moment with my private key

So I had generated myself a private key using OpenSSL to create a CSR for an Authenticode code signing certificate from Symantec. Today the certificate was issued, but to collect it, one needs to get the key into the browser. … Continue reading

Posted in EN, IT Security | Tagged , | 2 Comments

What a headline “FBI arrests 100 hackers over Blackshades malware”

Claims The Guardian. Well, a few things: Hacker refers to a very broad skill set, it doesn’t refer to motives or lack of ethical framework. The term in such case is usually cracker. Many skilled people with a perfectly intact … Continue reading

Posted in EN, IT Security, Opinion | Leave a comment

Critique of systemd

ewontfix.com/14/

Posted in EN, IT Security, Linux, Software | Leave a comment

Schneier briefed Congress

Bruce Schneier, a well-known cryptography expert and one of the few with access to the documents leaked by Snowden, briefed six Congress representatives on Thursday. Probably still a more honest speech than Obama’s. ON another note, here’s a fun quote … Continue reading

Posted in EN, IT Security, Privacy, Thoughts | Leave a comment

A list of links

… in no particular order: nullifynsa.com and offnow.org thedaywefightback.org taskforce.is Hashtags: #NullifyNSA and #StopTheNSA // Oliver

Posted in EN, Human Rights, IT Security, Privacy | Leave a comment

“Why are you spying on Grandma?”

… just got to read these two gems earlier today: Former Top NSA Officials Insist Employees Are Leaving Because Obama Is Mean, Not Because They Object To NSA’s Current Activities NSA Sent Home Talking Points for Employees to Use in … Continue reading

Posted in EN, Human Rights, IT Security, Opinion, Privacy, Thoughts | Leave a comment

Speaking of the devil

Just recently I mentioned Clean MX in this blog post and sure enough today I received another automated abuse message from them and relayed to me via Hetzner, my hoster. This time, however, I plan not to be so lenient … Continue reading

Posted in EN, IT Security, Opinion, Thoughts | Leave a comment

No relief

In the past software I wrote ended up in detection of anti-malware programs, more traditionally known under the term antivirus (AV) programs1. As you may or may not know I work for an AV vendor and as such I sit … Continue reading

Posted in EN, IT Security, Thoughts | Leave a comment

Bruce Schneier about the latest information concerning NSA/GCHQ and cryptography

How to remain secure against NSA surveillance Take it always with a grain of salt, but he is an established expert and he has been openly critical against surveillance in his newsletters. // Oliver PS: another comment from Schneier: The … Continue reading

Posted in EN, IT Security, Privacy | Leave a comment

What the creator of PGP thinks …

Read it over here. Excerpt: If we have a change in the government sometime in the future, that government will have such a powerful tool of surveillance, that we will find ourselves in a terrible predicament that we won’t be … Continue reading

Posted in EN, IT Security, Opinion, Privacy | Leave a comment

Catch 22

So in the UK porn filters will be mandatory soon on public WLAN hotspots and even homes, reports Wired. Well, good for them chaps on the British Isles. Only this creates a small problem. Being slightly paranoid, I am using … Continue reading

Posted in EN, IT Security, Privacy, Thoughts | Tagged , , , , | Leave a comment

Will we learn from the NSA eavesdropping scandal?

Having used encryption for a long time and having used PGP consequently for more than five years it seems unlikely to me that people will go the extra mile to ensure the confidentiality of their electronic correspondence. Leaving aside the … Continue reading

Posted in EN, IT Security, Thoughts | Tagged , , , , | Leave a comment