lists.rwth-aachen.de
Sign In
Sign Up
Manage this list
Sign In
Sign Up
×
Keyboard Shortcuts
Thread View
j
: Next unread message
k
: Previous unread message
j a
: Jump to all threads
j l
: Jump to MailingList overview
rwth-security
Thread
Start a new thread
Download
Threads by
month
----- 2024 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2023 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2022 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2021 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2020 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2019 -----
December
November
October
September
August
July
June
May
April
March
February
January
----- 2018 -----
December
November
October
September
August
July
rwth-security@lists.rwth-aachen.de
July 2021
2 discussions
Security Engineering — Third Edition
by Bernd Kohler
10 Mar '22
10 Mar '22
Hallo zusammen, sofern nicht selber schon gesehen/-lesen hier [0] FYI "Security Engineering — Third Edition" "... from phone phreaks to Android malware and from SIM swaps and SS7 hacking to 5G ..." VG Bernd [0]
https://www.cl.cam.ac.uk/~rja14/book.html
-- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de
www.itc.rwth-aachen.de
Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ
1
1
0
0
Skript bzgl. application layer protocol content confusion attack
by Bernd Kohler
10 Oct '21
10 Oct '21
Hallo zusammen, ich habe den Artikel [0] zu ALPACA ("Application Layer Protocols Allowing Cross-Protocol Attacks") mal zum Anlaß genommen, ein kleines Skript zu schreiben. Dieses prüft aber eigentlich nur, ob die empfohlene TLS extension Application Layer Protocol Negotiation (ALPN) aktiv ist oder nicht. SNI habe ich zudem ausgeklammert. Das Skript analysiert also nicht ALPACA, dazu fehlt bspw noch die Prüfung auf notwendiges SMTP/FTP/... sondern lediglich eine Empfehlung Dies habe ich mit Blick auf den von mir gesetzen Zeitrahmen (noch?) nicht implementiert. Verbesserte/korrigierte Versionen bitte gerne wieder zurück in diese Runde. Also fröhliches Testen der eigenen (!) Web-Server bzgl. ALPN. VG Bernd [0]
https://www.heise.de/news/ALPACA-Attacke-Angreifer-koennten-mit-TLS-gesiche…
[1]
https://alpaca-attack.com/
-- Bernd Kohler IT Center Abteilung: Netze RWTH Aachen University Wendlingweg 10 52074 Aachen Tel: +49 241 80-29793 Fax: +49 241 80-22666 kohler(a)itc.rwth-aachen.de
www.itc.rwth-aachen.de
Social Media Kanäle des IT Centers:
https://blog.rwth-aachen.de/itc/
https://www.facebook.com/itcenterrwth
https://www.linkedin.com/company/itcenterrwth
https://twitter.com/ITCenterRWTH
https://www.youtube.com/channel/UCKKDJJukeRwO0LP-ac8x8rQ
1
2
0
0
Results per page:
10
25
50
100
200
