Archive for the 'security' Category



If you want to back up your crypto containers, you have mainly two choices:
1.) Open the container on your machine and one on the backup server, and then you can start with an incremental backup.
2.) You always transfer the whole crypto container.
From a security point of view it’s not acceptable to open a container on a [...]

A long time ago, I posted a guide on how to make John the Ripper able to crack MD5 hashes (http://www.disenchant.ch/blog/teaching-john-the-ripper-how-to-crack-md5-hashes/106). In that posting there were some errors and it’s also not up to date, so I made a small shell script which downloads, patches and compiles JtR 1.7.3.4 for you automatically:
wget http://www.openwall.com/john/g/john-1.7.3.4.tar.gz
tar xvf john-1.7.3.4.tar.gz
wget http://www.openwall.com/john/contrib/john-1.7.3.4-jumbo-1.diff.gz
gunzip john-1.7.3.4-jumbo-1.diff.gz
cp [...]

There’s a new version of the Firefox Security Tool Kit (FSTK) online
Download and/or Install the FSTK v4.0 now
You’ll find more information on the FSTK here but the Extensions have changed.
At this point I also wish to thank Kaspar Brand (the developer of Cert Viewer Plus) for letting me know that there were some licensing [...]

Swiss Cyber Storm II

Last weekend, I was in Rapperswil (Switzerland) for a quite special event. There, the “Swiss Cyber Storm II” took place, organized by Compass Security. The SCSII is a hacking wargame contest, where hackers, IT security specialists, computer scientists etc. try to solve security-related tasks and get points for them. For example there was [...]

Too long ago, I wrote a posting about Certified Secure Web (CSW) and announced that I would post more information on the specific certifications CSWD and CSWT. Because the official web site is now also available in English, it doesn’t make sense to copy & paste it into my blog. You’ll find it at https://www.certifiedsecureweb.com/.
If there are any [...]

Certified Secure Web

Hi everyone out there, I know that it has been a long time since I wrote my last blog posting, but as most of you know, time is always rare. Anyway, I’ll try to write more in the future, especially because there really is stuff I think is worth writing about. So today I’d like [...]

Many of my readers will know that example.com, example.net and example.org are reserved for use in documentation, according to RFC 2606. If you surf to any of these sites, there will be just the same information I wrote before and also a link to the RFC 2606. So it’s quite interesting, why according to my [...]

It’s much later than I wanted to post this, but finally here is the demonstration I did for the Security-Zone 2008. Because there are so many resources about XSS and SQL Injections out there already, this posting is just about the hidden phishing method.
How it works:

Attacker needs an XSS vulnerability at example.com
Configuration of the hackIt.js [...]

The Security-Zone is, as far as I know, the most important and biggest security event in Switzerland and like last year I was there to present some stuff. Also like the last time, I wasn’t alone, there were Pascal Mittner from Astalavista IT Engineering and Pascal C. Kocher from Defcon Switzerland (I’ll write something about [...]

I totally forgot to click publish for this blog posting, but better now than never.
The Metropolitan Police Service launched a Counter-Terrorism campaign and unfortunately it seems to be real and not just a joke.
The following is copied from here:

The five-week campaign asks members of the public to report any suspicious behaviour in confidence [...]