Parcels – Insinuator.net

April 25, 2024 by Florian Bausch

Breaking GLS Parcel Tracking

Recently, we held a talk at the Winterkongress¹ of the Digitale Gesellschaft Schweiz in Winterthur, Switzerland, about our research project on breaking German parcel tracking sites. We could not name all the parcel services for which we identified vulnerabilities respecting disclosure timelines. Today, we describe our findings at GLS, another player in the German parcel market, and the disclosure process of corresponding vulnerabilities.

Continue reading “Breaking GLS Parcel Tracking”

Breaking

April 10, 2024 by Florian Bausch

Breaking UPS Parcel Tracking

Today, we describe our findings at United Parcel Service of America, Inc. (UPS), another German parcel market player, and the corresponding vulnerabilities’ disclosure process.

Continue reading “Breaking UPS Parcel Tracking”

Breaking

April 3, 2024 by Florian Bausch

I know what you ordered last summer @ Winterkongress 2024

Dennis and I already published blog posts about our research project dealing with vulnerabilities in parcel tracking implementations at DHL and DPD. At the Winterkongress (winter congress) in Winterthur, Switzerland, we had the great opportunity to give a talk about the matter. The talk was recorded and can be watched here.

DigiGes held the Winterkongress, which took place in Winterthur on 01.03. till 02.03.2024. The main topics are ethics, threats, and opportunities of IT. This year, many talks looked at AI in some way. Continue reading “I know what you ordered last summer @ Winterkongress 2024”

Breaking

September 12, 2023 by Florian Bausch

Breaking DPD Parcel Tracking

This blog post is the continuation of our parcel research. We already reported about how we broke parcel tracking at DHL and the disclosure process of the identified problems. As DHL is not the only parcel service in Germany, we also investigated the other available parcel services. In this blog post, we want to talk about DPD, also called Geopost, which belongs to the French Post Office.

Continue reading “Breaking DPD Parcel Tracking”

Breaking

July 11, 2023 by Florian Bausch

All your parcel are belong to us – Talk at Troopers 2023

At Troopers 2023, we gave a talk on how to attack DHL parcel tracking information based on OSINT. Since we previously had an exemplary disclosure process about this attack with DHL, Mr. Kiehne (from DHL) joined us to provide interesting background information and insights on how they addressed our findings.

Continue reading “All your parcel are belong to us – Talk at Troopers 2023”