As of September 8th, 2015 this website has been added to the HSTS preloading list of Google Chrome. I expect Firefox to follow soon. This ensures that all connections from your browser are sent over encrypted HTTP, even when you try to connect with http://vulnerability.ch. You can check HSTS-Settings in Chrome under: chrome://net-internals/#hsts How to add […]
Google’s BeyondCorp and some Thoughts
One of the big news stories last week was the Wall Street Journal article, reporting that Google has “given up on their internal network” and are moving their business applications to the internet (called BeyondCorp). The reason behind this is that they don’t see the internal network as private/protectable anymore. With today’s adversaries, malware and general lack […]
“You order form:[RANDOM] from 06/05/15 recived;” Attachment Analysis
Today I came across a message, which was rather interesting. The mails were received with different subjects, random company names in them as well as random attachment names. The attachment is a Word document with the “*.doc” extension (never a good sign). A quick analysis shows that the Word document contains a macro script, which, when executed, […]
Phishing Gang Forgets Source Code
I love to analyse and take apart phishing pages. Such phishing pages are nothing new; you can find them almost daily. I always enjoy poking around and investigating if I find something new, something of interest or just some sort of timestamp to be able to pinpoint the speed a gang has in setting up new phishing pages. […]
Hack of the Day: Xing
I have been using Xing for close to eight years. And I have tried the Premium feature for a little while. But luckily my card ran out and that solved the hassle to cancel my account 😉 However, have you ever seen this on your front page: The “Profile Visitors” […]
Creative Commons: Donors Data Leak
A few days ago, the Creative Commons team sent out an email, informing me and some other donors about a data leak that happened on their GitHub repository: Creative Commons believes in open, frank, and prompt communication with our community, including our donors. We also take your privacy seriously. We are committed to responsibly guarding the personal information you […]
Zeitgeist Daemon on Xubuntu does not respect your privacy
I toyed around with my Xubuntu, and found the strangely named process “Zeitgeist”. What’s this? “zeitgeist-daemon is a daemon which keeps track of activities on your system (file usage, browser history, calendar events, etc.) and logs them into a central database. It does not only create a chronologic register, but also supports tagging and can […]
Downloadable List of all Swiss Mobile Phone Numbers
This is more of a fun post. I needed a list of all Swiss mobile phone numbers. I created a list for all currently used “area codes” 076-079 and decided to share the text files with anyone. 075 is currently not really used by Swisscom, though it was announced they will start to use the […]
Why Password Re-Use Is Bad For You
Every now and then, a website on the Internet gets hacked and sensitive data of its users is stolen. Sensitive data can be anything, from your email address, to your birthday, social security number, credit card details or your password (either in hashed, encrypted or plain text form). While all this data is critical to […]
The Onion Write-Up On How Their Twitter Account was Compromised
The Onion (a mostly for-fun online news outlet) was recently a victim of the Syrian Electronic Army hacker group. The group has been in the news recently for hacking high-profile Twitter accounts and posting false/bogus information. One of the victims was @The_Onion. They have now published a story on how they were compromised, including […]