The 4 Pillars of IT Security
In principle, the protection of IT systems can be divided into 4 stages: prevention, detection, assessment and response. In the right combination they can protect the IT platform of any company as far as possible. Prevention The area of prevention is probably the most comprehensive area for the security of IT systems. It can be fundamentally divided into data protection and system protection. Data protection includes things like data encryption, transp...
AI and why it is already regulated by data protection laws
Introduction The rapid growth in the use of AI ("Artificial Intelligence", in German KI for "Künstliche Intelligenz") such as ChatGPT, Bard and others has put the possibilities of this technology on the radar of almost every managing director. ChatGPT is a generative AI language model, a kind of machine learning, that allows users to pose questions or tasks and receive answers that imitate a human conversation. What is interesting here is...
NIS2 and who it is relevant for
Because there is a bit of a panic mood in my network right now because of NIS2... Calm down! Who is NIS2 relevant for? First of all, NIS2 is only relevant for certain companies, namely those from the KRITIS (critical infrastructure) area. This covers 2 categories / sectors: Essential sector: energy companies, transport companies, banks, financial markets, healthcare, drinking water, waste water, digital infrastructure, public administration, space. Important sector: postal and courier services, waste management, chemical...
Hacker's Handbook to survive in a war (for civilians)
Preface The following document relates primarily to conventionally waged wars. But it still assumes that these can escalate quickly in today's world if nuclear superpowers are involved. Therefore, it also covers how to find shelter against nuclear explosions in different regions of the world relatively quickly. But this is not the main intention. Since it is a "Hacker's Handbook", it partially assumes that you have some specific knowledge in using IT, telephone and power systems if you ...
Speechless
Actually, I didn't want to express myself politically in my blogs anymore. But what is happening in Europe at the moment is so present in my life that I cannot remain silent about it. My beloved girlfriend has Russian and Ukrainian roots. I myself have friends in both countries. And we look stunned at the horror that is befalling the people in Ukraine at this very moment. As if the conflicts in Donbass and Luhansk were not already terrible enough... now the horror becomes even greater. Beloved...
Father of the War
Father, do you feel how the earth trembles? The enemy has now woven a dense net. Father, don't you hear the people there screaming? Calm, my son, they will be freed. Father, the man there, he says it is war. Yes, my son, and now hurry to victory. Father, why should I go to fight? Don't you want to see your father proud here? Into the ranks of the enemy the son stormed, Received his reward from his own and from the enemy. Was torn apart by rocket splinters, Still heard the thunder like a...
Krieg / War
I wrote this poem (in German) when I was 18 years old and came back from a mission as a medic in the Congo. It makes me infinitely sad that it is more relevant today than ever. A tear runs down her little face, Shimmering red like blood in the pale evening light. She kneels down there and weeps for her sister, ...
Never again Docker on macOS
If you don't want to use Docker Desktop because it's extremely annoying without a Pro account, since you always have to apply every update immediately, Docker on macOS can become a real pain in the ass. In theory, docker-machine should be an alternative. Unfortunately, it often causes problems with VirtualBox or the network configuration when Hyperkit isn't working. Fortunately, I always have enough Linux machines available. However, it is of course also annoying when you always have to lo...
How to create a secure password that you can easily remember
You need a secure password that you can easily remember? Do the following: Make a sentence of at least 12 words that you can easily remember. Take the first letter of each word. Make every second letter of them a capital letter. Replace 'E' by '3', 'I' by '1', 'S' by '5', 'B' by '8', 'O' by '0' and 'a' by '@' (because th353 num83r5 l00k 51m1l@r t0 th3 r3pl@c3d l3tt3r5). Add a special character at the beginning or at the end of the character string (especially if you had no 'a', that you replace...
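The steps above, implemented as an added example in Python (this is not code from the post). Two readings of the post are assumptions made here: letters that are not at "every second" position are lower-cased so the result does not depend on how the sentence was typed, and the substitutions are applied literally to the cases the post lists (upper-case E, I, S, B, O and lower-case a). One caveat a practitioner should keep in mind: these leet substitutions are standard mangling rules in password-cracking tools, so the strength of the result comes from the sentence being unpredictable, not from the substitutions.

```python
import string

# Substitutions exactly as the post lists them. Assumption: read literally, so
# only upper-case E/I/S/B/O and lower-case 'a' are replaced; the capitalisation
# step therefore decides which initials end up substituted.
SUBSTITUTIONS = {"E": "3", "I": "1", "S": "5", "B": "8", "O": "0", "a": "@"}


def initials(sentence):
    """Return the first character of each word, ignoring surrounding punctuation."""
    words = (w.strip(string.punctuation) for w in sentence.split())
    return [w[0] for w in words if w]


def mnemonic_password(sentence, special="!", min_words=12, at_end=True):
    """Apply the post's steps to a memorable sentence.

    1. require at least `min_words` words (the post says 12),
    2. take the first letter of each word,
    3. make every second letter a capital (index 1, 3, 5, ...); the others are
       lower-cased (assumption, see lead-in),
    4. apply the leet substitutions,
    5. add a special character at the beginning or at the end.
    """
    letters = initials(sentence)
    if len(letters) < min_words:
        raise ValueError(f"need at least {min_words} words, got {len(letters)}")
    mixed = "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(letters))
    substituted = "".join(SUBSTITUTIONS.get(c, c) for c in mixed)
    return substituted + special if at_end else special + substituted


def character_classes(password):
    """Sanity check: which character classes the result covers."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


if __name__ == "__main__":
    # Constructed sample sentence (13 words), only for demonstration.
    sentence = "the quick brown fox jumps over the lazy dog while the cat sleeps"
    pw = mnemonic_password(sentence)
    print(pw, sorted(character_classes(pw)))  # tQbFj0tLdWtCs! ['digit', 'lower', 'special', 'upper']
```

The `character_classes` check only tells you that the result mixes cases, digits and a special character; it says nothing about how guessable the underlying sentence is, which is where the actual strength lies.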
The 10 Golden Rules of Lomography
Rule #1 - Take your camera everywhere you go. Rule #2 - Use it any time – day and night. Rule #3 - Lomography is not an interference in your life, but part of it. Rule #4 - Try the shot from the hip. Rule #5 - Approach the objects of your Lomographic desire as close as possible. Rule #6 - Don’t think (William Firebrace). Rule #7 - Be fast. Rule #8 - You don’t have to know beforehand what you captured on film. Rule #9 - Afterwards either Rule #10 - Don’t worry about any rules ...
Ensuring Information Security - A more practical view with TOMs
Introduction Have you ever wondered what a company in the EU has to do to ensure information security and all the dependent legal requirements? You can get a rough idea by looking at the so-called "Technical and Organizational Measures" (TOM) which a company has to implement in its processes. Whenever I audit our information security measures I create a list of TOMs relevant for the processes of our company. In addition to the TOMs I check the list of security assets, their risks and the implemen...
Art and how it affects my life
After divorcing my ex-wife, I met my current girlfriend. Her drive in life is largely determined by art. Whenever she comes into contact with any kind of art, she explodes in a ball of energy that inevitably carries you along. And I love getting infected by this energy, too. Sometimes we sit together in a room, doing our own stuff... she's drawing, I'm working. But sometimes I put my work aside, pick up my iPad, start drawing and then it happens... I swim through the waves of creative energy alo...
IaC - why you should(n't) use it
Yes, I hate IaC (Infrastructure as Code)... and I love it... sometimes. Of course there are a lot of advantages to IaC. It makes infrastructure reproducible (partially), auditable (partially) and by that... easier to control (partially). But you should always take a closer look at whether it's really useful for your company. In fact, it's not useful for more or less static infrastructures. If you don't run a server network with more than 100 servers or if you don't run a constantly changing server network...
The 4 Levels of IT Security
In principle, protection of IT systems can be separated into 4 levels. These are prevention, detection, assessment and response. In the proper combination, they can secure the IT platform of any company as much as it is possible to do. Prevention The area of prevention is probably the most comprehensive area for IT system security. It can be fundamentally separated into data protection and system protection. Data protection includes things like data encryption, transport encryption, backups an...
Why we don't use Getstream - or why more privacy means more problems
While developing our mobile app, we also searched for a service provider to provide text chat to our users. The solution from Getstream.io looked very nice and a test implementation showed that it worked perfectly for our needs. As usual I searched for a Data Processing Agreement (sometimes also called Data Processing Addendum, especially if it's based on the so-called Standard Clauses) because Art. 28 GDPR requires it if personal / sensitive data is processed by a third-party provider (also calle...
My privacy toolkit
As someone who always has an eye on protecting private data, not only for our company's customers, partners and employees but also for myself, I've looked at some tools over the years and made some of them part of my daily workflows. But before I talk about some of them, I want to make a few points clear. First of all, I'm an Apple user. And I am by conviction. I'm not an Apple fanboy who always needs the newest iPhone, iPad, Watch and Mac and sleeps in front of an Apple store to be the first...
100 days Challenge
Writing every day is nearly impossible for me, at least at the moment. Too much work has to be done before the launch of our new app. On some days I work around 16-18 hours. Around 7 days are left until everything has to be compliant with European and German laws. Nevertheless, I'll still try to write some short lines every day. In around 4 hours I'll have my next meeting. So I should call it a day and try to get some sleep. Of course this is not a permanent condition but rather an exception. After ...
Preparing the launch of a new app from the (data) security perspective
Our company is currently preparing the launch of a new mobile app. This means stress throughout the whole company. Marketing has to prepare all the campaigns and their tracking, the associated website has to be designed and tested, the management is constantly in contact with various agencies and the funders, and you can surely imagine that the developers hardly have a quiet minute. I'm in the exciting position of being able to be involved everywhere. After all, there is hardly any department i...
FF-Sec says hello
Hello world! With the output of this line, many people start programming nowadays. Looks like a good start for a blog to me, too. ;) When I dove into the world of computers over 20 years ago, I could not have guessed the journey I would begin. It was not my first contact with a computer (a KC-85 from the GDR in our school was the first computer I used), but the real journey began when I first installed Linux on my 386 PC, because Windows (3.11) and gaming bored me. On it I learned my first ...