Bitmuncher

Sometimes I feel like a motherless child who stores memories in digital paintings and analog photos. - Security Consultant for a company in Germany - likes drawing on iPad and taking photos with real cameras - interested in too many topics - (chaos) magician and dimensional traveler - thinks . o O ( "Senior Nerd" should be a job title )

The 4 Pillars of IT Security

In principle, the protection of IT systems can be divided into 4 levels: prevention, detection, assessment and response. In the right combination they can protect the IT platform of any company as far as possible. Prevention: The area of prevention is probably the most comprehensive area of IT system security. It can be fundamentally divided into data protection and system protection. Data protection includes things like data encryption, transp...

AI and why it is already regulated by data protection laws

Introduction: The rapid growth in the use of AI ("Artificial Intelligence"), or KI in German ("Künstliche Intelligenz"), such as ChatGPT, Bard and others, has put the possibilities of this technology on the radar of almost every managing director. ChatGPT is a generative AI language model, a kind of machine learning, that enables users to ask questions or pose tasks and then receive answers that imitate a human conversation. What is interesting here is...

NIS2 and for whom it is relevant

Because there is currently a bit of panic in my network about NIS2... Calm down! For whom is NIS2 relevant? First of all, NIS2 only applies to certain companies, namely those from the KRITIS (critical infrastructure) sector. These fall into 2 categories / sectors. Essential sector: energy companies, transport companies, banks, financial markets, healthcare, drinking water, wastewater, digital infrastructure, public administration, space. Important sector: postal and courier services, waste management, chemical...

Hacker's Handbook to survive in a war (for civilians)

Preface: The following document relates primarily to conventionally waged wars. But it still assumes that these can escalate quickly in today's world if nuclear superpowers are involved. Therefore, it also covers how to get shelter against nuclear explosions within different regions of the world relatively quickly. But this is not the main intention. Since it is a "Hacker's Handbook", it partially assumes that you have some specific knowledge in using IT, telephone and power systems if you ...

Speechless

Actually, I didn't want to express myself politically in my blogs anymore. But what is happening in Europe at the moment is so present in my life that I cannot remain silent about it. My beloved girlfriend has Russian and Ukrainian roots. I myself have friends in both countries. And we look stunned at the horror that is befalling the people in Ukraine at this very moment. As if the conflicts in Donbass and Luhansk were not already terrible enough... now the horror becomes even greater. Beloved...

Father of War

Father, do you feel how the earth trembles? A dense net the enemy has now woven. Father, don't you hear the people there screaming? Calm, my son, they will be freed. Father, the man there, he says it is war. Yes, my son, and now hurry to victory. Father, why should I go to fight? Don't you want to see your father proud here? Into the ranks of the enemy the son stormed, received from his own and from the enemy his reward. Was torn apart by rocket shrapnel, still heard the thunder like ...

Krieg / War

I wrote this poem (in German) when I was 18 years old and came back from a mission as a medic in the Congo. It makes me infinitely sad that it is more relevant today than ever. A tear runs down her small face, shimmering red like blood in the pale evening light. She kneels down there and weeps for her sister, ...

Never again Docker on macOS

If you don't want to use Docker Desktop because it's extremely annoying without a Pro account, since you always have to apply every update immediately, Docker on macOS can become a real pain in the ass. In theory, docker-machine should be an alternative. Unfortunately, it often causes problems with VirtualBox, or the network configuration doesn't work when using Hyperkit. Fortunately, I always have enough Linux machines available. However, it is of course also annoying when you always have to lo...

How to create a secure password that you can easily remember

You need a secure password that you can easily remember? Do the following: Make a sentence of at least 12 words that you can easily remember. Take the first letter of each word. Make every second letter of them a capital letter. Replace 'E' by '3', 'I' by '1', 'S' by '5', 'B' by '8', 'O' by '0' and 'a' by '@' (because th353 num83r5 l00k 51m1l@r t0 th3 r3pl@c3d l3tt3r5). Add a special character at the beginning or at the end of the character string (especially if you had no 'a', that you replace...

The 10 Golden Rules of Lomography

Rule #1 - Take your camera everywhere you go. Rule #2 - Use it any time – day and night. Rule #3 - Lomography is not an interference in your life, but part of it. Rule #4 - Try the shot from the hip. Rule #5 - Approach the objects of your Lomographic desire as close as possible. Rule #6 - Don’t think (William Firebrace). Rule #7 - Be fast. Rule #8 - You don’t have to know beforehand what you captured on film. Rule #9 - Afterwards either Rule #10 - Don’t worry about any rules ...

Ensuring Information Security - A more practical view with TOMs

Introduction: Have you ever wondered what a company in the EU has to do to ensure information security and all the associated legal requirements? You can get a rough idea by looking at the so-called "Technical and Organizational Measures" (TOM) which a company has to implement in its processes. Whenever I audit our information security measures I create a list of TOMs relevant for the processes of our company. In addition to the TOMs I check the list of security assets, their risks and the implemen...

Art and how it affects my life

After divorcing my ex-wife, I met my current girlfriend. Her drive in life is largely determined by art. Whenever she comes in contact with any kind of art, she explodes in a ball of energy that inevitably carries you along. And I love getting infected by this energy, too. Sometimes we sit together in a room, doing our own stuff... she's drawing, I'm working. But sometimes I put my work aside, pick up my iPad, start drawing and then it happens... I swim through the waves of creative energy alo...

IaC - why you should(n't) use it

Yes, I hate IaC (Infrastructure as Code)... and I love it... sometimes. Of course there are a lot of advantages to IaC. It makes infrastructure reproducible (partially), auditable (partially) and by that... easier to control (partially). But you should always take a closer look at whether it's really useful for your company. In fact it's not useful for more or less static infrastructures. If you don't use a server network with more than 100 servers or if you don't use a constantly changing server network...

The 4 Levels of IT Security

In principle, protection of IT systems can be separated into 4 levels. These are prevention, detection, assessment and response. In the proper combination, they can secure the IT platform of any company as far as possible. Prevention: The area of prevention is probably the most comprehensive area of IT system security. It can be fundamentally separated into data protection and system protection. Data protection includes things like data encryption, transport encryption, backups an...

Why we don't use Getstream - or why more privacy means more problems

While developing our mobile app, we also searched for a service provider to provide text chat to our users. The solution from Getstream.io looked very nice and a test implementation showed that it worked perfectly for our needs. As usual I searched for a Data Processing Agreement (sometimes also called Data Processing Addendum, especially if it's based on the so-called Standard Clauses) because Art. 28 GDPR requires it if personal / sensitive data is processed by a third-party provider (also calle...

My privacy toolkit

As someone who always has an eye on protecting private data, not only for our company's customers, partners and employees but also for myself, I've looked at some tools over the years and made some of them part of my daily workflows. But before I talk about some of them, I want to make a few points clear. First of all, I'm an Apple user. And I am by conviction. I'm not an Apple fanboy who always needs the newest iPhone, iPad, Watch and Mac and sleeps in front of an Apple store to be the first...

100 days Challenge

Writing every day is nearly impossible for me, at least at the moment. Too much work has to be done before the launch of our new app. On some days I work around 16-18 hours. Around 7 days left until everything has to be compliant with European and German laws. Nevertheless, I'll still try to write some short lines every day. In around 4 hours I'll have my next meeting. So I should call it a day and try to get some sleep. Of course this is not an all-time condition but rather an exception. After ...

Preparing the launch of a new app from the (data) security perspective

Our company is currently preparing the launch of a new mobile app. This means stress throughout the whole company. Marketing has to prepare all the campaigns and their tracking, the associated website has to be designed and tested, the management is constantly in contact with various agencies and the funders, and, as you can surely imagine, the developers hardly have a quiet minute. I'm in the exciting position of being involved everywhere. After all, there is hardly any department i...

FF-Sec says hello

Hello world! With the output of this line, many people start programming nowadays. Looks like a good start for a blog to me, too. ;) When I dove into the world of computers over 20 years ago, I could not have guessed the journey I would begin. It was not my first contact with a computer (a KC-85 from the GDR in our school was the first computer I used), but the real journey began when I first installed Linux on my 386 PC, because Windows (3.11) and gaming bored me. On it I learned my first ...