SmartCities’s Cyber Security Role and Ethical Challenges

The security and safety challenges of smart-cities are under hot discussion, and because "smart-cities" is an umbrella term, every cyber-security vendor has an opinion on it. Most technical research on smart-cities doesn’t address cyber security and privacy concerns. The consensus is that it’s the vendor/integrator who should be held accountable when things go wrong. But […]

Thoughts on Streembit without getting too technical

I have been trying to come up with a simple explanation of Streembit. Almost like an explanation without actually explaining it: “Streembit is a peer-to-peer human and machine communication platform. Secure, peer-to-peer, decentralized network formation is a fundamental and unsolved information technology problem.” Streembit aims to solve this problem. But what exactly is the problem […]

Can Passengers Access an Aircraft’s Safety Critical Systems via the IFE?

An interesting discussion has popped up on my LinkedIn feed over a picture showing an ancient version of Linux used in an In-Flight Entertainment (IFE) system. The question was raised again (over and over) whether a passenger can issue safety-critical commands or access functions from the cockpit. IFEs are typically certified to Design Assurance Level […]

Attacking the Internet of Things for Fun and Profit

Last updated 22nd Sept. 2016. Below we’re collecting the most interesting and influential IoT Security papers. This post targets engineering professionals who want to jump-start their IoT Security foo or wish to move into this Brave New World that is the Internet of Things, or more specifically, learn about IoT Security. The content below is evolving (hopefully with your help). If you find something missing […]

Misconfigured US DoS website leaked classified files into archive.org

thiébaud.fr has recently pointed out that the robots.txt file from the US Department of State website contains a grave misconfiguration. A robots.txt is part of a web server’s configuration and is supposed to be publicly readable. It tells search engines which links on the site should (not) be indexed. But the configuration directives which were used in robots.txt must have […]

DevOps and Security

Software developers are “bonused and incentivized” for causing change. That’s how they make their money. Operations people inherit these changes and earn their money by maintaining stability. As change is the natural enemy of stability, developers and operations are natural enemies. DevOps changes this by harmonizing and aligning their incentives. But what about Security? The recent “Heartbleed” and “Shellshock” exploits […]
