Tomorrow I will give a short presentation for the DigiNet Südwestfalen December, 1st 2020, 08:30 am on my Conferencing-Server Topic: “Security of Conferencing Software” giving Stakeholders and Decision-Makers Orientation for risk-assesment. This is a non-public event. Please register via Sonja Pfaff on the DiginetSWF Website. About DigiNet Südwestfalen: In early 2019, the …Read more

Black Friday is here. And with Christmas ante portas the final countdown with the toughest end-bosses in IT support begins: The own parents, partners or children with their new or old digital devices. The fundaments are laid in the upcoming days and weeks when stuff with more or less technical debts is bought. Basically at the moment of your purchase it’s already junk and an environmental …Read more

Due to a vulnerability (CVE-2020-3419), attackers could join Webex meetings without being listed in the participants list. Hidden as a “ghost” from the other participants, attackers could eavesdrop on audio and video content. This is what Heise writes in his article today. But this is only possible (…) if attackers have access to meetings in the form of shared links and a …Read more

What a pity, this is exactly the scenario I first expected for Microsoft. But I’m not really surprised that Apple is now ahead, what happened? The ocsp.apple.com server was apparently down and/or unreachable between yesterday and today. Unfortunately macOS tries to reach it every time an app is opened to check if a certificate has expired or an app has been retracted or some more magic. Of …Read more

A new XOJO User Meeting (in german) is scheduled for this November, 6th 2020 at 1800 LT. Topics Made with XOJO project review by Michael Eckert maybe Arbed - not yet confirmed Duration: 45 Min. Followed by smalltalk/ hangout with open end, Chatham House Rule applies. Link to Conference-room: https://meet.jakobs.systems/b/tom-kks-v5k-xka The passwort will be published here and in XOJO Forum couple …Read more

This weekend, Jochen T. contacted me with an interesting question about Hugo and the theme I am using for this blog: I don’t understand how I can create a “normal” feed, I have searched for help, but found nothing. My feed only contains the categories “micro”, “blog” or “page”, but I would like to have a feed with the individual posts in full …Read more

For my presentations and webinars I am always looking for good quotations. A treasure of them, I found yesterday evening in the Netflix documentary “The Social Dilemma”, of course in the original English version. I do not know the German translation. Some of those quotes I would like to share with you but not without first saying something about their context. Besides the inventors of …Read more

This weekend I was very active in improving my own security. I have also found two neat tools for quality testing which are Hardenize and DNSViz - both added to my Micro-Blog post “Measuring website quality”. On my own mailserver I have implemented MTA-STA according to RFC 8461 incl. reporting. This standard is quite new (2018) and is particularly suitable for servers without DANE. …Read more

I’ve started using Apache-Exporter for monitoring and checking this weekend how useful it is and how it can be integrated into my Prometheus monitoring enviroment. The server-status requests inevitably lead to more “background noise” in the Apache logfiles. The screenshot below clearly shows in the upper less section: Of course the requests cannot be prevented, but you can …Read more

I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager: We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us. Well, unfortunately I did not attend a judicial exam but when I read the Microsoft EULA …Read more