Patrik Fehrenbach – Insinuator.net

November 21, 2016 by Patrik Fehrenbach

IoT the S is for Secure – Unknown Administration Interface in Wireless Plug

Dear Readers,

just recently i bought a wireless plug on Amazon with the main use of controlling my coffee machine with an app. The installation of the wireless plug was quite easy and only requires me to set my Wifi SSID and my passphrase – that’s it. But what happened behind the scenes? I visited the control interface of my router and saw that along with the other devices there was a new one with the network name HF-LPB100 and a local IP address in my case 192.168.0.235. First of all i wondered about the name itself, but ignored that and kept on looking for open ports.

Continue reading “IoT the S is for Secure – Unknown Administration Interface in Wireless Plug”

Building

May 18, 2016 by Patrik Fehrenbach

Review about the System and Security Info iOS App from SektionEins GmbH

Dear readers of Insinuator,

Today I want to give a little review about the latest app released by SektionEins called “System and Security Info” due to its recent media appearance. So first of all the app can be obtained via the Apple App store for 0,99€ at the time this article was written. This article will try to answer two basic questions: for whom (or “which groups of people”) is this app helpful, and which security features does this app actually has. The design of the app is straight forward and pretty minimalistic with a clean and modern design. The first page of the Application called “Overview” provides nothing more than the current CPU usage of the device, with detailed subdivision in User, Idle, Total and Load. The next section provides an overview about the used RAM divided into Wire, Active RAM usage, Inactive RAM usage, “other”, free and the total amount of the device’s ram. The next option shows the used and unused part of the devices available storage, with “used”, “free” and total amount of space. While these features can be handled with several other (free and open source) applications I won’t write a comment wether it these components make sense. Continue reading “Review about the System and Security Info iOS App from SektionEins GmbH”

Events

March 28, 2016 by Patrik Fehrenbach

Security Evaluation of Dual-Stack Systems [Troopers 2016 recap] (Part 1)

Dear Readers of Insinuator,

tldr;This blogpost presents a measurement study of a current security state regarding to open ports on a direct comparison of IPv4 and IPv6. The study analyses almost 58,000 dual-stacked domains in order to find discrepancies in applied security policies. We further discuss the potential reasons and, more importantly, the implications of the identified differences. \tldr;

For those of you who couldn’t participate at Troopers Conference 2016 in Heidelberg or watch my talk at the IPv6 Security Summit, I want to recap some of the most important parts of my research in this blogpost.

Continue reading “Security Evaluation of Dual-Stack Systems [Troopers 2016 recap] (Part 1)”

Building

October 19, 2015 by Patrik Fehrenbach

OCSP over HTTP testing with Python

Dear Readers,

today we want to share a method on how to test an OCSP over HTTP validation service with Burp and some Python magic. First a little background about OCSP (Online Certificate Status Protocol): the main purpose of OCSP is to validate the status of an X.509 certificate.

Continue reading “OCSP over HTTP testing with Python”