I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager: We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us. Well, unfortunately I did not attend a judicial exam but when I read the Microsoft EULA1 regarding risks and liability, I consider the circumstances slightly more differentiated: Read more

Within a " digital breakfast " I will give a presentation for the DigiNet Südwestfalen at November, 3rd 2020, 08:30 am at my own Conferencing-Server Topic: “Security of Conferencing Software” giving Stakeholders and Decision-Makers Orientation for risk-assesment. This is a non-public event, please register via Sonja Pfaff on the DiginetSWF Website. About DigiNet Südwestfalen: In early 2019, the Transferverbund Südwestfalen started to track down service providers and networks active in the field of digitalization in South Westphalia as part of the NRW. Read more

In the previous webinar on IT risk assessment and information security, participants questioned me during the 15-minute live hacking session: Is this not illegal? We took a closer peek at the servers of an ambulant care unit and two other businesses. I found them by chance from a total of 28 million hosts1 across Germany using specific search terms. The search lasted just a few seconds and after that we browsed through the numerous directories with patient data and medical prescriptions. Read more

My rant showed some effect ;-) Coming Friday, 2nd October 2020 from 7pm on, I will give a presentation covering IT risk assessment and information security. Everything will be hands-on with realistic (live) examples from the web for an audience of developers, project managers, independent consultants and anyone interested in technology. Have a look at the original announcement here. Friday, 02.10.2020, 1900 (CEST, local time) Room: https://meet.jakobs.systems/b/tom-hwb-uzi-mo0 Password: 350533 Read more

Today I’ve recieved a Email with following Headers: Arc-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none Erhalten: from xxxxxxxx.protection.outlook.com May I ask openly what this “protection” outlook.com server does in the absence of common spam and security features? There are numerous tools in the web for (self-)checking. I usually provide this link and try to lead by example before going into further details like IP-Stripping, pentests or security: https://mxtoolbox.com/domain/jakobssystems.net/ With this in mind, Read more