Another lazy Sunday (oh well, actually I should be writing papers and grant proposals but we are not talking about that right now) and I was scrolling through my email when I stumbled upon a "FedEx notice" with your usual "you have not picked up your package" scam and I figured …
31c3 - A New Dawn
Another year, another c3
This year marked my 11th year of congress (and 10th visit with a short hiatus in 2012). Just like all the years before we headed to the conference location a day before the start of the 31c3. After arriving in Hamburg (after a quick detour through …
'sploits or having fun with the heap, stack, and format strings
As part of the weekly CTF meetings we discussed some basic stack-based, heap-based, and format string based exploits. For system security challenges these are bread and butter techniques and rely on a huge amount of pre-existing knowledge about operating systems, kernels, process creation, dynamic loading, C programming, stack layouts, and …
A walkthrough for a difficult point and click adventure or deleting a GApps domain and all Google services
Deleting an old GApps account can result in infinite pain. Here's why.
Having phun with Symbolic Execution (SE)
An introductory article that explains what symbolic execution is and how it can be chained to trigger vulnerabilities hidden deep inside binaries.
30c3, a log of the 30th chaos communication congress
Just like every year I visited the 30c3, a hacker congress in Hamburg. This blog post summarizes my experiences and lists talks that you should watch.
How to choose secure passwords for insecure websites
Protect your passwords for low-security websites using cryptographic hashes.
The day (or week) I left the Google cloud
The day I decided to leave the Google cloud and take the security and privacy of my data into my own hands.
WarGames in memory: shall we play a game?
Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. Low-level languages like C or C++ trade memory safety and type safety for performance: the compiler adds no bound checks and no type …
Hard data on YouPorn
Introduction
As you might have heard (or not) YouPorn Chat had a huge information leak on February 21st 2012. One of their servers served a directory with all registration log files from the last couple of years (http://chat.youporn.com/tmp). Apparently this chat server is not serviced by …