In our Tech Zone we publish security research articles and white papers. This is a mostly unsorted collection as we publish our insights as a result of our daily work.
- 01.04.2008: »HTTP over X.509 — a whitepaper«. In this whitepaper, a security issue inherent in RFC 3280 is described that allows unauthenticated users to trigger arbitrary HTTP requests. Corresponding advisories on Outlook, Windows Live Mail and Microsoft Office 2007 have also been published.
- 27.05.2008: »Good numbers, bad numbers« (German version: Gute Zahlen, schlechte Zahlen). This article describes the severe security implications a careless modification of the random number generator in Debian's version of OpenSSL caused.