Latest updates

We update our website at the moment

Hello! 😊

Updating our back end is almost done. We test a JavaScript-based feature, allowing secure and private searching. We will upload some revised content soon. Thank you for your patience.

InfoSec Handbook, September 2021

Exposed IP cameras may disclose your physical address

IP cameras are affordable and ubiquitous. You can conveniently monitor your home from almost everywhere. However, hundreds of IP cameras are unmaintained and vulnerable to attackers. In the worst case, exposed IP cameras can be misused to locate your physical address.

In this article, we show how attackers may locate your camera’s physical location and provide tips on securing your device.

Hi, I'm your unmaintained IP camera, broadcasting your life 24/7

Do you operate an IP camera, which is connected to the internet? Did you ever check its configuration? Did you check if the device runs the latest firmware? Did you check whether everybody on the internet can access your camera?

In this article, we share several risks coming with unmaintained IP cameras and tips on how you can secure your device.

Modern credential management — keep it simple

Each year, “the worst passwords of the year” make it into the news. Passwords like “123456,” “111111,” “querty,” or “password” are always on these lists. If you look at leaked passwords, you quickly realize that passwords are short, non-random, and may have a trailing “!” as the special character. Companies try to get rid of weak passwords by enforcing password rules; however, users find creative ways to bypass these unpopular rules, again using weak passwords.

While countless websites flood the internet with tips to create the “perfect” password, many of them forget about two essentials: Defining a threat model, and keeping credential management as simple as possible.

NTS – Securing NTP with RFC 8915

The Network Time Protocol (NTP) is one of the remaining protocols on the internet without state-of-the-art security. The RFC 8915 “Network Time Security for the Network Time Protocol” tries to change this by proposing cryptographic protection for NTP’s client-server mode. In this article, we use the NTP implementation “NTPsec” and NTS to synchronize the system’s time securely.