Leitartikel
Der Bereich Leitartikel ist neben jenem für Neuigkeiten einer von zwei wesentlichen Bereichen für
Information dieser Internetpräsenz. Alle zur verfügung stehenden Artikel sind im Folgenden
aufgeführt.
Freitag, 1. Dezember 2017
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
Due to the increased security awareness in the business world, some things have changed for the better. Today,
businesses have at least a subset of the technology and methods available, once reserved for nation-sate actors like
the police, intelligence agencies and the military. Some will therefore be discussed in this article.
Organizations worldwide feel the ever increasing pressure to adapt and thus tighten their IT security. Especially within the world of finance rapid progress took place in terms of cyber security posture improvements. Intelligence gathering today is often based on SIEM (Security Information and Event Management) solutions and adjacent technologies, such as traditional logging and monitoring systems. However, taking the whole spectrum of security technology into account, a sole focus on network and perimeter-centric solutions is misplaced. Monitoring and endpoint protection are not the ultimate solution to all problems. Also, though combined efforts to establish persistence across the technology landscape, efforts are often hindered due to time constraints, tight budgets and staff shortage. Fortunately, there is a wide array of security technology, including often neglected ones, such as MAC (Mandatory Access Control), system based on the Bell-LaPadula model.
Zuletzt aktualisiert (Montag, 15. Januar 2018)
Mittwoch, 15. Juni 2016
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
A previous version of this article initially appeared on »House of Hackers« in June 2008, posted by seconded
agent A. Denton of directorate I: intelligence (ICT). Some aspects of it long remained significant for the
organization's sectret day-to-day operations. On these grounds the article could not be declassified and published
before.
In 2008 ED Denton used to work as an apprentice in the field of web engineering and security, when she was asked to assist GD Hollstein in an NGO web portal security audit. A subsequent report, which included a CoA along with a security and QA statement, had to be composed in due time. Step 1: System Lookup+Scans: The team first gathered target information, i.e. ISP and location, DNS records, OS and web/app server details. Further everything about the ISP's infrastructure itself, as well as information for later social engineering, was ascertained. To accomplish that, unixoid OSs and programs, i.e the 2007 BackTrack 3 GNU/Linux, next to publicly available database records from several authorities were employed. Of course every such software also required basic knowledge about ISO models, protocols, RFCs, networks and OSs to avoid potential hazards. Eventually the team discovered the targets were Gentoo GNU/Linux systems with kernel v2.4.22, hardened with grsecurity.
Zuletzt aktualisiert (Mittwoch, 15. März 2017)
Freitag, 1. Mai 2015
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
The QUANTUM project was one of the most top-secret ventures of the NSA. During the last months several news
agencies reported on that specific technology. Since ✛ΔO considers the project as one of NSA's most
eminent threats to society until this day, the organization therefore published the present assessment along with an
evaluation of countermeasures.
As Bruce Schneier wrote in his book »Data and Goliath«, the clandestine QUANTUM project was meant to be kept as secret as possible. In the meantime though various reports indicated that this project was not the only one of its kind, but that the Chinese government is in possession of a very capable »Great Firewall of China«, for a longer period of time already. Quite often authors confused that one with the »Great Cannon of China« which is a different system indeed. The article »Don’t Be Fodder for China’s ‘Great Cannon’« roughly outlined the inner workings of the »Great Firewall« and the »Great Cannon«. It showed that the firewall only prevents access to sites by either blocking or redirecting requests, while the cannon does more and actually injects packets into the stream. That is because to call forth a more complex desired behavior on the machine, where the initial request originated from. Therefore that cannon is more comparable to NSA projects like FOXACID.
Zuletzt aktualisiert (Freitag, 1. Mai 2015)
Donnerstag, 15. Mai 2014
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
In early April 2014 two independent IT security specialists from Codenomicon and Google Security discovered
a flaw introduced into OpenSSL in December 2011. This article does not cover the happening itself, but focuses on
common misunderstandings and wrong interpretations with regards to the catastrophe.
One common misinterpretation was that "Heartbleed", which is the way the flaw/bug was prematurely called, would only affect current versions of OpenSSL. However the truth is that older versions were affected as well – number 1.01 and 1.02 to be more precise. OpenSSL is a piece of software to encrypt traffic of connections on transport layer, which mostly affects TCP connections. The TCP/IP-stack is the dominant protocol-stack on the internet consisting of about 500+ different protocols. Since a lot of higher-level protocols, such as HTTP partially rely on encryption, TLS/SSL is employed on a regular basis to satisfy this constraint. For a disambiguation between TLS/SSL and SSH we suggest the article on Snailbook for reference. Basically OpenSSH is a protocol with several sub-protocols. (e.g. for multiplexing, password-based authentication, terminal management, etc.) which implements non-PKI authentication from S (session) to A (application) layer of the ISO:OSI model.
Zuletzt aktualisiert (Mittwoch, 1. April 2015)
Freitag, 15. März 2013
Eine Übersetzung für diesen Text ist nicht verfügbar. Bitte wählen Sie die englische Version.
After two years in the making, the organization released its new offline Web Content Management System, named
»LXCMS«. That system is part of the organization's recent strategy to improve its overall system security,
in the wake of increased world-wide threats to cyber as well as information security.
The new system is set to improve the situation in the area of content delivery, though Joomla! SE was our trusted wCMS software in operation for a long time. However the underlying Joomla! was always developed for the masses to fit their unspecific needs. Additionally Joomla! was always licensed under the GNU/GPL, unlike our new LXCMS which was put under our much simpler LTDL 2010. With Joomla! SE we could not have done the same thing for obvious legal reasons. Also Joomla may have been easy to install and upgrade, but was time-consuming to administer in later stages of use. The Joomla core itself was reliable indeed and so was the core of our wCMS Joomla! SE. Further developments though required our systems engineers to acquire a deeper knowledge of the software's code base. Unfortunately development was never optional but explicitly mandatory, since new features and security enhancements had to be ported back to our advantage and our security.
Zuletzt aktualisiert (Mittwoch, 1. April 2015)
