A while ago I wrote an article about the lessons learned from protecting the business-critical domain names and DNS of my employer Blendle. It was recently mentioned in an article about an attack on the DNS of security firm Fox-IT:

The weakest link in the chain’ is an overused metaphor in security, but this attack once again shows DNS to be a prime candidate. For advice on how to make your organization’s DNS more secure, I recommend an article by Koen Rouwhorst, who writes about his experience securing the critical DNS of his employer Blendle.

Last month, I went hunting for security bugs in GitHub, a popular platform for sharing and collaborating on code. After spending many hours mapping out GitHub’s infrastructure, and testing for weaknesses without any significant results or leads, I shifted my focus to the service providers. This is a write-up about two of the issues I found, which both have since been addressed.

Continue reading “GitHub bug bounty hunting” →

Hacking Team, the ethically bankrupt Milan-based company that sells surveillance technology to anyone willing to pay, got hacked. The hack was announced in a tweet last Sunday on the firm’s own hacked Twitter account, accompanied with a link to a torrent file for a 400 GB archive comprising internal emails, financial documents and source code.

Continue reading “Dutch police are looking to buy Hacking Team spyware” →

 

Documents from the ICTR-NE (Information and Communications Technology Research – Network Exploitation) organisation at the GCHQ show that it operates a program under the name FLYING PIG that provides analysts with information about secure communications over TLS/SSL. The primary motivation for this program was the increasing use of TLS/SSL by GCHQ targets, according to one of the documents.

The documents, originally published by Brazilian TV program Fantástico in September, provide an insightful look into the program that allows analysts to query the vast repository of metadata about the world’s secure communications. In this article, I describe the program on the basis of some actual screen captures of its interface.

Continue reading “FLYING PIG: GCHQ’s TLS/SSL knowledge base” →

Today, someone pointed me at an article in Belgian newspaper De Standaard in which Karolien Grosemans, a Belgian MP of the New Flemish Alliance (N-VA), claimed the U.S. Army had read one of her emails. In this email she asked an expert for advice on a draft legislation on cyber attacks and security, hence the subject field of the email contained the words “cyberaanvallen” (cyber attacks) and “cyber security”.
Continue reading “No, the U.S. Army did not read the emails of a Belgian MP” →

On Tuesday I found that former Dutch certificate authority DigiNotar, known for its security breach in 2011, was briefly mentioned in a Globo video report about NSA spying on Sunday. I documented the finding in a few tweets and put the four frames (of the same slide) that mentioned the name DigiNotar together in an album. Because the slide was only partly visible I had a difficult time making any sense of it. So, I wrote down what I considered to be plausible:

From the part of the text that is visible I suspect at least NSA’s ‘Flying Pig’ was used in some investigation of the security breach.

Continue reading “No, the NSA was not behind the DigiNotar hack” →

In recent weeks, there was some fuss about a new agreement between digital book distribution platform eBoekhuis and connected vendors. This agreement obliges vendors to hand over previously-private customer information to anti-piracy group BREIN, should a purchased e-book at some point turn up on the internet (e.g. BitTorrent, Usenet, file-sharing sites). In order to trace a book back to the customer, a transaction code is watermarked into it. When I noticed one of the eBookhuis-connected vendors (i.e. Bol.com) started selling watermarked e-books, I bought one to see what this watermark would look like.

Continue reading “What an e-book watermark looks like” →