And another OpenSSL security vulnerability

Third time's a charm… Or so they say. The open-source encryption library OpenSSL had its third "major" security vulnerability, which was fixed with a patch available as of November 1, 2022. As per CVE-2022-3786 and CVE-2022-3602, the vulnerabilities are X.509 email address buffer overflows. Eight years ago it was Heartbleed. This security vulnerability was …

Germany’s Cybersecurity council(s) or Social Engineering goes organisations*

In his regular show on Friday, Oct 7, 2022**, German satirist and TV host Jan Böhmermann reported on Germany's Cybersecurity council. The only question is, which one… Turns out we have two: one was inaugurated by Germany's Ministry of Defence. This is a council made up of politicians from Bund and Länder (representatives from …

Quantum computing will soon break current encryption algorithms

After a couple of articles on fraud-related topics, I decided that it is high time I published another article on a security topic that is dear to my heart. Quantum computing is on the brink of becoming a reality. IBM conducts research and innovation with its system Quantum Eagle. The German government decided …

After Spectre and Meltdown – what now?

Is there an "after", one seems to wonder? Although the major hardware vendors have shipped fixes or new chips closing these vulnerabilities, new findings seem to appear every so often. One also wonders how the hardware vendors closed these vulnerabilities, as some cases required a major architectural change, which could only be accomplished with new …

Do we all WannaCry – or which threats should we expect?

There is so much talk about cyberwar and advanced persistent threats. One can get really scared. However, if you look at the facts, you only have to follow the money. Or, in other words, answer the question of where an attacker gets the most bang for the buck. It is true that cyberwar has become …

Will legal consequences improve security? – If you have not implemented critical security controls, soon your negligence could cause legal consequences.

At least when your company is in California, a state that has lately been at the forefront of implementing and enforcing new laws, rules and regulations regarding IT security and data privacy. And they seem to continue to be up and at them… The linked article quotes a report by the Californian …

X.509 certificates are back

I have noticed lately that more and more customers are asking how to implement X.509 certificates for authentication and Single Sign-On. What an interesting development! X.509 certificates were invented as digital identities to secure web applications, but never really took off, because you need to set up a rather intensive and costly administration in …

Ease of use versus security strengths – the inversely proportional relationship

If you're thinking about a decision methodology for which security measures to implement, one consideration should be to look at ease of use versus security strength and determine where in the picture below your implementation fits. Unfortunately, the easier a security measure is to use, the less secure it is. The more secure the …

How to keep your systems secure? – Always implement the latest security patch as soon as possible

In the linked article, in which an NSA employee gives advice on how to keep your systems secure, it becomes crystal clear that you have to keep your security patching up to date. According to the quotes in the article, even security vulnerabilities that existed on a system for only hours can be exploited by adversaries. So …

Encryption of communication paths – it’s so easy but often not implemented

In a recent meeting with a customer group on security topics, one of the attendees asked everybody else whether they had implemented system-to-system encryption behind the firewalls in their internal landscape. Only one attendee said yes, and it applied only to one system deemed extremely critical. To my astonishment, nobody considered this strange or negligent. …