Nach­rich­ten & Blog

Two of the students who have written their thesis with us won an award for outstanding theses in the context of IT security. We congratulate Simon Nachtigall on his first place with the topic of “Evaluation of TLS session tickets” in the “Master’s Thesis” category and Nico Heitmann on another first place in the category “Bachelor’s Thesis” with the topic “Security Analysis of the Web Conferencing System BigBlueButton”.

Mehr erfahren

Do you use S/MIME or OpenPGP to secure your emails? Do you think that validating e-mail signatures is easy? If your answer is yes, you should take a look at our study published together with our colleagues from Karlsruhe Institute of Technology, Münster University of Applied Sciences, and Ruhr University Bochum.

Mehr erfahren

Together with our colleagues from the Ruhr University Bochum, we have published our paper on combinatorial testing of TLS implementations. The paper is presented at USENIX Security in Boston this week.

Mehr erfahren

We are searching for two new research candidates, who would like to work in the areas of Web and TLS security.

Mehr erfahren

As a part of the "Herbstuni", Katharina has held a presentation on the importance of IT security and presented CTFs.

Mehr erfahren

Together with Robert Merget, we gave a hands-on tutorial on TLS 1.3 and how you can analyze it with TLS-Attacker. The tutorial was recorded and is now available on YouTube.

Mehr erfahren

We are searching for Java developers for our TLS-Attacker project.

Mehr erfahren

We worked on two papers that are going to be presented at the USENIX Security 2021 conference this week.

Mehr erfahren

We published a new attack called ALPACA. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one…

Mehr erfahren

In cooperation with /upb/hack, we organize an IT Security "Stammtisch". The topics in the first months include Content Security Policy, OpenID Connect, and PDF security.

Mehr erfahren

We are searching for motivated students, who would like to work on CTF challenges and further maintain or develop the CTF platform developed by the students of UPB.

Mehr erfahren

I gave a presentation about IT security at "Infotage für Schüler*innen".

Mehr erfahren

If you like attacks with logos, you should definitely check out our newest attack :)

Mehr erfahren

In our work, we analyzed how to prevent our Efail attacks and make OpenPGP and S/MIME secure again.

Mehr erfahren

We have open positions in the area of IT security. For more information, see our job offers.

Mehr erfahren