Over the weekend I have increased security and automatized processes - that’s lame! This can be anything or nothing, too vague and unspecific. Well technically correct and with a touch of cynicism: “I translated bash scripts to YAML.” Okay, let’s agree on: I consolidated numerous bash scripts for automatically renewing certificates, reduced complexity, eliminated potential security risks when transferring certificates from outside reverse proxies to inside hosts, and made everything more transparent with both Ansible and Git. Read more

A quizzle for the weekend: Which of the following domains is most likely a malicious one? Look closely! ԁeutsche-telekom.de sparkasse-ԁarmstadt.de cloud.sessionID.cf.373.tw/323.fra.commerzbank.de Quite simple, some will say. Others claim they never fail to phishing mails or open unknown file attachments. This always happens to the others! Whoever knows such a person may pass this quiz to him or her. Read more

Yesterday and today I’ve noticed the author malvuln1. He has uncovered vulnerabilities for 14 malware and backdoor applications. Yes, you are correct: He has found vulnerabilities in malware and backdoors, practically with proof-of-concepts to reproduce. No need to emphasise, that’s all Windows malware we’re talking about. Read more

In the previous webinar on IT risk assessment and information security, participants questioned me during the 15-minute live hacking session: Is this not illegal? We took a closer peek at the servers of an ambulant care unit and two other businesses. I found them by chance from a total of 28 million hosts1 across Germany using specific search terms. Read more