Newsletter

Mehrfach im Jahr informieren wir herstellerneutral und unabhängig über aktuelle Sicherheitslücken, Case Studies und Forschungsergebnisse. Wenn Sie diesen kostenlosen Service nutzen möchten haben Sie hier die Gelegenheit uns Ihre E-Mail-Adresse anzuvertrauen.

Im Folgenden finden Sie das Archiv aller bereits veröffentlichten Newsletter.



We are pleased to announce the latest edition of our whitepaper, “Incident Handling: First Steps, Preparations Plans, and Process Models”.

ERNW_Whitepaper_58_Incident_Handling_Signed.pdf

We are pleased to announce our newest ERNW White paper,”IPv6 Source Address Selection”. A signed copy can be found through the link below:

ERNW_Whitepaper57_IPv6_lab_source_address_selection_signed.pdf

We are pleased to announce our newest ERNW White paper,”Cisco OEAP602 Key Extraction”.

ERNW_Whitepaper_56_Cisco_OEAP602_Key_Extraction_v1.0-signed.pdf

We are pleased to announce the latest edition of our newsletter, “Threat Analysis of malicious applications on mobile operating systems”. The signed pdf can be found below.

ERNW_Newsletter_55_Threat_Analysis_v1.0_signed.pdf

We are pleased to announce the latest edition of our newsletter, “Xenpwn”. The signed and unsigned pdfs can be found below.

ERNW_Newsletter_54_Xenpwn_v.1.0_signed.pdf

ERNW_Newsletter_54_Xenpwn_v.1.0.pdf

We are pleased to announce the latest edition of our newsletter, “Security Assessment of Microsoft DirectAccess”.

ERNW_Newsletter_53_MS_DA_Security_Assessment_Signed.pdf

ERNW_Newsletter_53_MS_DA_Security_Assessment_unsigned.pdf

We are pleased to announce the latest edition of our newsletter, “Some Recommendations Regarding Windows 10 Privacy Settings”.

ERNW_Newsletter_52_Win10_Priv_v1.0_signed.pdf

We are pleased to announce the latest edition of our newsletter “Playing with Fire: Attacking the FireEye MPS”:

ERNW_Newsletter_51_Playing_With_Fire_signed.pdf

We are pleased to announce the latest edition of our newsletter “Reflections on Vulnerability Disclosure and a Case Study”

Vulnerability disclosure has been a topic of fierce debates in the recent years. That’s not in the least, usually a number of ethical questions are involved and proponents of different perspectives assign different weights and priorities to the values touched. In this paper we will discuss some of the questions involved, how they can be tackled and how we handle some of them in the past (and which developments make us consider it necessary to re-think our way of handling). The piece is organized as follows: first we provide a short overview of approaches to vulnerability disclosure and why we followed a specific one (“responsible disclosure”). We will then discuss potential problems with responsible disclosure which have arisen in the interim. To illustrate these (types of) issues we will discuss a specific case study we’ve been involved with. Furthermore, we will formulate a set of questions to stimulate further discussion of the topic. It should be noted that this paper is written from a highly personal perspective and it’s not meant to provide definitive answers, but to raise awareness of the inherent challenges of the process.

Have a great week!

Newsletter 50 Vulnerability Disclosure Reflections CaseStudy

We are pleased to announce the latest edition of our newsletter “Security of Home Automation Systems”

Home Automation Systems are used more and more in new and modern buildings. They provide many comfortable functions, which make our daily life easier. Nearly every functionality in a building can be controlled with such a system, also security-relevant mechanisms like alarm systems. Therefore the security of the home automation itself should be as secure as possible. This fact should also apply to extensions like web interfaces for controlling smart homes via a web browser. This document examines different security aspects of the KNX technology as well as extensions, for example web interfaces which can also be part of an installation.

Have a great week!

ERNW_Newsletter_49_SecurityOfHomeAutomationSystems_signed.pdf