Web Security Hardening

Posted on Sun, 2014-07-27 in security • Tagged with web, security

Last year during my summer internship I had the chance to catch up with current developments in web security. In particular, I had a closer look at mechanisms that are used as a second line of defense or hardening mechanisms against common web attacks. I created drafts of blog entries describing …


Continue reading

Some Notes on CBC-Mode, IVs and MACs

Posted on Mon, 2013-10-28 in crypto • Tagged with cryptography, security

I recently read this tweet, which gave an example of why you should use good IVs in your crypto. The tweet was:

Why you should always use good IVs in your #crypto http://i.imgur.com/jxUv3ha.png

This is about the example that was given [1]

$ echo 'Give …

Continue reading

Current State of Android "Physical" Security

Posted on Mon, 2013-09-02 in android • Tagged with android, security

About a year ago I gave a talk to my fellow students about the security of Android devices once you get physical access to them. This post will be pretty much that talk plus some additional information and links. You can find the slides here [1].

The Evil Maid Attacks …


Continue reading