I’m gonna be in Tanzania for the next few weeks. This is my first time in Sub-Saharan Africa. Let’s hope that I don’t turn into this mamafat guy. I arrived almost 2 weeks ago and I’ve been staying with a friend in Kigamboni. That’s a suburb of Dar es Salaam, but separated from the city …
Author Archives: michael
Fall of Civilizations [en]
A while ago, the YouTube algorithm suggested an episode of the Fall of Civilizations podcast. Not exactly sure why, because I rarely watch history topics online. (I do sometimes read up on history topics on Wikipedia, so maybe that’s why? Although I cannot see any obvious 3rd-party tracking code on Wikipedia.) Even more rarely do …
DIN vs Denkmalschutz [en]
The most German thing I’ve seen in a while: The stairs are closed, because the steps do not comply with the DIN standard. But they cannot be reconstructed, because they are under a preservation order. That’s almost as German as Stackenblochen, but probably more authentic.
XSS Demo [en]
Finally some good use for my new infrastructure. I’ve had this small Angular app lying around, which I wrote for a presentation/demo on XSS a couple of years ago. So far, I’ve run it locally to demonstrate XSS vulnerabilities and how to exploit them. Now I have a place to put it and share it …
The B in BYOK stands for Bullshit [en]
I recently encountered someone who insisted on a Bring-Your-Own-Key (BYOK) setup for compliance reasons. I’ve always been skeptical about that and I didn’t have to search long for confirmation. This is what the Wikipedia article on BYOK has to say: […] a cloud computing security marketing model […] […] gives the enterprise the perceived control …
Let’s Revoke! [en]
Getting TLS certificates from Let’s Encrypt is easy, but that’s just part of the story. It may sound paranoid, but being able to revoke certs is almost equally important. The premise is that there’s always a chance that your private keys will leak. Maybe it will never happen to me, but it will eventually happen …
Let’s Encrypt! [en]
… is where I’m getting the TLS certificates for this blog nowadays (after moving away from CAcert). I’ve been using Let’s Encrypt at work now and then. Many colleagues in my department are heavy users and my employer is a sponsor. So I knew what to expect and how to get started. Nevertheless, here’s a …
Goodbye CAcert [en]
When I started this blog back in 2010, I wanted HTTPS, but I didn’t want to pay extra for it. Back then that wasn’t as easy as it is today. So I compromised and got my TLS certificates from CAcert. Problem was that almost no OS or browser vendor trusted their certs. Debian and Ubuntu …
OK, Boomer [en]
Looking for a web security challenge? I recommend this XSS Game. Frankly, I’ve even struggled with some of the “easy” warmups. Let alone the challenges. Luckily, they’ve published solutions, too. Kudos to Pwn()!
The Stones Are Still Alive [de]
… but MCA is dead. Keith Flint is dead. Sebastian Hackert is dead. And now one of my favourite hosts at FM4 has died as well: Martin Blumenau. I’ll remember him above all as the host of the request show FM4 Zimmerservice. He had that certain Viennese Schmäh. (At least that’s how it seemed to an outsider Piefke like me.) …