In this blog CERT.at's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of CERT.at

Alternatively you can receive CERT.at's blog as a feed.

Mar 11

One quick note on DNSSEC Validation failures

I wrote back in 2010 that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.

We now had just such a case: the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website where they could get ...

Read more
Nov 28

Lesestoff: Ron Deibert

Wir leben nicht nur in einer technisch interessanten Zeit, sondern auch die gesellschaftliche Diskussion rund um Geheimdienste, Privatsphäre, Verschlüsselung, 0-Days bis hin zu "Cyberwar" ist für die Zukunft des Internets sehr relevant.

Dazu wird viel geschrieben und publiziert, ich ...

Read more
Sep 30

Completed: Maintenance work on Tuesday, Sep. 30th, 2014

Because of required changes in our firewall infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Tuesday, September 30th, 2014, starting at about 9am CEST. An "emergency" website with restricted functionality will be made available.

In urgent cases please ...

Read more
Aug 13

(Updated 2014/8/13) Syria offline - initial analysis of BGP (and explanation)

This blog post evolved over time - initially it was a mere scratchpad for notes during our initial research between 2012/11/29 and 11/30. Later, after Syria was back online again, I added a summary and some potential explanations of what might have happened at the end of this blog post.

UPDATE 2014/8/13: ...

Read more
Jul 09

Elastic Search being hacked automatically today

At the moment we are seeing a lot of automatic scanning and hacking of Elastic Search installations worldwide.  Please make sure that port 9200 is locked down in case you run ES.

IOCs:
* C&C IP address:   119.1.109.43  (China)
* C&C Port: 10991 ...

Read more
Jun 14

Transforming JSON to CSV

CERTs are all about processing information security notifications. Most of the time, these arrive in the form of CSV files. However, occasionally we do get some JSON data. While CSV is line oriented, JSON allows for more complex structures (arrays, objects, objects in objects, etc.)

So how to you ...

Read more
Mar 28

New PGP keys

At CERT.at we had to phase out some old 1024 bit DSA keys as well as create new master-signing keys.  This turned out to be a major effort. Key roll-overs are never easy.

In order to easy the key roll-over pains, we created a key transition document. This document is signed by the old keys in order ...

Read more
Dec 04

Completed: Maintenance work on Wednesday, December 4th, 2013

Because of required changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Wednesday, December 4th, 2013. An "emergency" website with restricted functionality will be made available.

In urgent cases please contact us by telephone: +43 ...

Read more
Jul 30

Completed: Maintenance work on Tuesday, July 30th, 2013

Because of necessary changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Tuesday (July 30th, 2013). An "emergency" website with restricted functionality will be made available.

In urgent cases please contact us by telephone: +43 1 505 ...

Read more
Jul 17

Maintainance work on Wednesday, July 17th, 2013

Because of urgent changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time tomorrow (July 17th, 2013). An "emergency" website with restricted functionality will be made available.

In urgent cases please contact us by telephone: +43 1 505 64 ...

Read more