In this blog CERT.at's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of CERT.at

Alternatively you can receive CERT.at's blog as a feed.

Jan 27

Heartbleed: (Almost) three years later

Shodan recently published a report on the state of Heartbleed which was picked up by lots of media outlets.

I took this as an opportunity to have a look at our statistics. Shodan performs its scan based on IP-addresses and makes the results searchable. CERT.at also runs daily scans, but these are ...

Read more
Apr 11

DROWN update

As I wrote in our initial DROWN blogpost, we're scanning .at for mail- and web-servers which are still supporting SSLv2. We're notifying our constituency and we see a steady drop in the number of servers (as measured by IP-Addresses) that are vulnerable:

So it is slowly getting better.

Looking ...

Read more
Mar 11

One quick note on DNSSEC Validation failures

I wrote back in 2010 that ISPs should prepare for the inevitable backlash if their DNSSEC-aware resolvers black out an important domain.

We now had just such a case: the protagonists make it even juicier than I imagined: Comcast customers could not access the new HBO website where they could get ...

Read more
Nov 28

Lesestoff: Ron Deibert

Wir leben nicht nur in einer technisch interessanten Zeit, sondern auch die gesellschaftliche Diskussion rund um Geheimdienste, Privatsphäre, Verschlüsselung, 0-Days bis hin zu "Cyberwar" ist für die Zukunft des Internets sehr relevant.

Dazu wird viel geschrieben und publiziert, ich ...

Read more
Sep 30

Completed: Maintenance work on Tuesday, Sep. 30th, 2014

Because of required changes in our firewall infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Tuesday, September 30th, 2014, starting at about 9am CEST. An "emergency" website with restricted functionality will be made available.

In urgent cases please ...

Read more
Aug 13

(Updated 2014/8/13) Syria offline - initial analysis of BGP (and explanation)

This blog post evolved over time - initially it was a mere scratchpad for notes during our initial research between 2012/11/29 and 11/30. Later, after Syria was back online again, I added a summary and some potential explanations of what might have happened at the end of this blog post.

UPDATE 2014/8/13: ...

Read more
Jul 09

Elastic Search being hacked automatically today

At the moment we are seeing a lot of automatic scanning and hacking of Elastic Search installations worldwide.  Please make sure that port 9200 is locked down in case you run ES.

IOCs:
* C&C IP address:   119.1.109.43  (China)
* C&C Port: 10991 ...

Read more
Jun 14

Transforming JSON to CSV

CERTs are all about processing information security notifications. Most of the time, these arrive in the form of CSV files. However, occasionally we do get some JSON data. While CSV is line oriented, JSON allows for more complex structures (arrays, objects, objects in objects, etc.)

So how to you ...

Read more
Mar 28

New PGP keys

At CERT.at we had to phase out some old 1024 bit DSA keys as well as create new master-signing keys.  This turned out to be a major effort. Key roll-overs are never easy.

In order to easy the key roll-over pains, we created a key transition document. This document is signed by the old keys in order ...

Read more
Dec 04

Completed: Maintenance work on Wednesday, December 4th, 2013

Because of required changes in our power-infrastructure, all Internet-reachable services of CERT.at will be unavailable for some time on Wednesday, December 4th, 2013. An "emergency" website with restricted functionality will be made available.

In urgent cases please contact us by telephone: +43 ...

Read more