Nach­rich­ten & Blog

Cen­sors Igno­re Un­en­cryp­ted HTTP/2 Traf­fic

Using Unencrypted HTTP/2 to Circumvent Censorship

Mehr erfahren

Cir­cum­ven­ting the GFW with TLS Re­cord Frag­men­ta­ti­on

How Fragmentation Can Be Extended to the TLS Layer

Mehr erfahren

We Re­al­ly Need to Talk About Ses­si­on Ti­ckets

A Large-Scale Analysis of Cryptographic Dangers with TLS Session Tickets

Mehr erfahren

Früh­lings-Uni

As a part of the "Frühlings-Uni", Juraj has held a presentation on the importance of IT security and presented CTFs.

Mehr erfahren

Ba­che­lor's The­sis: Web Key Di­rec­to­ry and Other Key Ex­change Me­thods for Open­PGP

a security analysis on the OpenPGP key exchange method Web Key Directory

Mehr erfahren

Usa­ge Sta­ti­stics of 3D Prin­ting File For­mats

an overview of the usage of different file formats used for 3D printing

Mehr erfahren

Our stu­dy on e-mail si­gna­ture spoofing at­tacks pre­sen­ted at SOUPS

Do you use S/MIME or OpenPGP to secure your emails? Do you think that validating e-mail signatures is easy? If your answer is yes, you should take a look at our study published together with our colleagues from Karlsruhe Institute of Technology, Münster University of Applied Sciences, and Ruhr University Bochum.

Mehr erfahren

TLS-An­vil pre­sen­ted at USE­NIX Se­cu­ri­ty

Together with our colleagues from the Ruhr University Bochum, we have published our paper on combinatorial testing of TLS implementations. The paper is presented at USENIX Security in Boston this week.

Mehr erfahren

Two open PhD po­si­ti­ons for our NERD2 pro­jects

We are searching for two new research candidates, who would like to work in the areas of Web and TLS security.

Mehr erfahren

Herb­s­tu­ni

As a part of the "Herbstuni", Katharina has held a presentation on the importance of IT security and presented CTFs.

Mehr erfahren

ESO­RICS Tu­to­ri­al on TLS 1.3

Together with Robert Merget, we gave a hands-on tutorial on TLS 1.3 and how you can analyze it with TLS-Attacker. The tutorial was recorded and is now available on YouTube.

Mehr erfahren

TLS-At­ta­cker de­vel­opers

We are searching for Java developers for our TLS-Attacker project.

Mehr erfahren

Two pa­pers pre­sen­ted at USE­NIX Se­cu­ri­ty this week

We worked on two papers that are going to be presented at the USENIX Security 2021 conference this week.

Mehr erfahren

AL­PA­CA At­tack

We published a new attack called ALPACA. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one…

Mehr erfahren

IT Se­cu­ri­ty "Stamm­tisch"

In cooperation with /upb/hack, we organize an IT Security "Stammtisch". The topics in the first months include Content Security Policy, OpenID Connect, and PDF security.

Mehr erfahren