Exactly 38 days ago today the Berlin daily newspaper TAZ ran an inconspicuous ad with the title tuwat.txt. That this small announcement in a local newspaper is still talked about today is due, among other things, to what developed from it, and to the fact that it is just as current today as it was 38 years ago. [Read more…] about Memorial to the anniversary of tuwat.txt and the Chaos Computer Club
At the end of August, hackers and technology enthusiasts from the Chaos Computer Club met at the Mildenberg Brickworks Park for the Chaos Communication Camp, which takes place every four years. Between tent cities and network routers housed in Dixi-Klos (portable toilets), the so-called "Datenklos", many workshops and lectures typical of the CCC took place this time as well.
The hacker camp at the Chaos Communication Camp
For 20 years now the Chaos Computer Club has organized a summer camp every four years. This one took place, already for the second time, at the Mildenberg Brickworks Park in Brandenburg. Besides many projects of the local CCC hackerspaces, such as automatic wafer, donut and cocktail machines or an internal CCC-Post, there was a lot of discussion and knowledge transfer. This usually happens in lectures, which can be streamed live or watched afterwards.
Privacy Breakdowns at Chaos Communication Camp
Our first recommendation is a lecture by Stefan Brink, Data Protection Officer of the State of Baden-Württemberg, and Alvar Freude, Speaker for Technical Data Protection and Freedom of Information of the State of Baden-Württemberg, entitled “Achtung, Datenpannen! – The big data protection and DSGVO show”. This lecture, which is in parts very humorous, conveys the basics of data protection in a simple way. Special emphasis is placed on the technical implementation of the requirements of the GDPR (DSGVO). For example, it explains how personal data should be stored in encrypted form. In the past, we have also reported on some of the major mishaps in the implementation of the General Data Protection Regulation. Here you will find further information on the topics mentioned:
- GDPiRate: Side channel attack reveals DSGVO vulnerabilities
Rethinking in the critical infrastructure
One topic that has been much discussed in the IT security industry in recent years is the BSI KRITIS Ordinance (BSI-Kritisverordnung) of 2016, which defines which nine infrastructures represent the indispensable foundations of society and how they must handle their IT security.
Our second lecture recommendation deals with exactly this topic area. The lecture “#Defensive statt #Offensive am Beispiel von KRITIS” (“#Defensive instead of #Offensive, using KRITIS as an example”) by Manuel Atug, head of the Kritis working group, deals with the current trend of investing more money in offensive IT security than in defensive IT security. It highlights the implications for the Kritis sector in Germany and the extent to which this will lead to an arms race among market participants.
Hacking of networked buildings on the Chaos Communication Camp
Our third and last recommendation is the lecture “IT security in networked buildings” by the security researcher Simeon of the University of Rostock. Using the industry-standard fieldbus protocol KNX as an example, this lecture shows how building automation is designed and which weaknesses and security gaps are hidden in it. The security researcher shows how personal information can be derived from seemingly harmless sensor activity data. Finally, the lecture discusses recommendations for action that can be applied to already installed building automation systems in order to increase security.
Communication of knowledge at the Chaos Communication Camp
In addition to the three lectures recommended by us, there were over 100 further lectures on various topics at this year’s Chaos Communication Camp. We therefore recommend that you have a look at the whole lecture program after watching the lectures mentioned above. It can be found at https://media.ccc.de/c/camp2019.
At the beginning of October, the IT security industry will meet at it-sa 2019 – and this year AWARE7 GmbH will also be present, with its own booth, live hacking shows and an experience project for increasing IT security awareness. Visit us at booth 10.0-520! [Read more…] about AWARE7 GmbH at the it-sa 2019!
Working on the road is now standard. In almost every train or plane, people are sitting in front of laptops working. Whether it’s just retrieving e-mails or coordinating appointments, this kind of data should not fall into the wrong hands. Follow our tips so that you can work on the road and prevent your data from being tapped.
1. The correct use of WIFI hot spots
You can find them everywhere, and by now almost every train is equipped with a public WIFI hot spot. We already reported on the use of this type of Internet access last year. If you regularly use open WIFI hot spots, you should read the entire article and apply the tips listed there.
In short, it is important that you connect to the right hot spot. The name or a login window is not sufficient authentication. Since you are in a public network, you should assume that everything can potentially be read by someone else. Accordingly, sensitive actions such as online banking should be avoided.
Pay special attention to dubious links or warning messages. Avoid surfing on HTTP pages and rename your device so that its name contains no personal details (default Apple name: “Jan’s iPhone”).
2. Never leave your devices unattended
Always keep an eye on your technical equipment to protect it from theft. If there is no other way than to leave your equipment unattended, for example when going to the toilet, you should protect it with passwords or PINs.
3. Do not allow a view of your screen
There are two ways to make sure that no one can look over your shoulder:
- Use privacy filters for your screen. This filter blackens the image for people who are not sitting right in front of the screen. (Available for about 30€).
- Choose a seat that does not allow strangers to look at your screen unnoticed. Seats at the window are ideal for this, as people in the aisle cannot see the screen.
4. Call as anonymously as possible
During telephone calls, the entire train compartment inevitably listens in. As a rule, we recommend that you postpone telephone calls as far as possible, not least because you may disturb other people. If it is not possible to postpone the call, you should avoid mentioning sensitive data. This includes full names, telephone numbers, company names or company-related data.
5. Carry out updates before you start your journey
Updates are used, among other things, to close security gaps. Since you are always a potential target in a public network, you should ensure that known security gaps are closed with current updates.
Try to do as much offline work as possible on the road so you don’t have to connect to a public network.
If you follow the tips listed above, you can work safely on the road, but we recommend that you use sensitive data as sparingly as possible in public networks.
In addition to the many forms of cyber crime, one kind of data theft often goes unnoticed in public reporting and perception: RFID technology and so-called RFID skimming.
The data stored on the chip is read by attackers. For example, your own bank cards can quickly become the focus of criminals. Every year, around 7 million pounds are stolen. [Read more…] about RFID technology – a practical companion that holds risks!