Month: April 2024

Breaking
by Florian Bausch

Breaking GLS Parcel Tracking

Recently, we held a talk at the Winterkongress1 of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not name all the parcel services for which we identified vulnerabilities respecting disclosure timelines. Today, we describe our findings at GLS, another player in the German parcel market, and the disclosure process of corresponding vulnerabilities.

Continue reading “Breaking GLS Parcel Tracking”

Continue reading
Misc
by Tillmann Oßwald

BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service

The German Federal Office for Information Security (BSI – Bundesamt für Sicherheit in der Informationstechnik) has published several papers ERNW created as part of the long-term SiSyPHuS Win10-Project. This project focuses on system analysis of selected parts of the Windows 10 operating system performed by ERNW.

Continue reading “BSI Publishes Windows 10 SiSyPHuS Reports: Application Compatibility Infrastructure, Microsoft Defender Antivirus ETW Usage and Device Setup Manager Service”

Continue reading
Breaking
by Florian Bausch

I know what you ordered last summer @ Winterkongress 2024

Dennis and I already published blog posts about our research project dealing with vulnerabilities in parcel tracking implementations at DHL and DPD. At the Winterkongress (winter congress) in Winterthur, Switzerland, we had the great opportunity to give a talk about the matter. The talk was recorded and can be watched here.

DigiGes held the Winterkongress, which took place in Winterthur on 01.03. till 02.03.2024. The main topics are ethics, threats, and opportunities of IT. This year, many talks looked at AI in some way. Continue reading “I know what you ordered last summer @ Winterkongress 2024”

Continue reading