Browsing by author "Posegga, Joachim"
1 - 6 of 6
- Journal article: Die Sicherheitsaspekte von Java (Informatik-Spektrum: Vol. 21, No. 1, 1998). Posegga, Joachim. Java, particularly with regard to the applet concept, is an extremely interesting technology based on transporting programs over a network and executing them. From the perspective of IT security, however, such an approach is not unproblematic. In the following, this problem is examined more closely, and the concept underlying Java is explained and put into context. The aim is to enable the reader to assess the security risks actually associated with the use of Java in applications. Summary: Java is a very promising emerging technology, in particular because of the concept of downloadable code behind Java applets. The underlying idea is to provide smallish applications (applets) in a network, which can be downloaded and executed as needed. Unfortunately, such a procedure is quite problematic from the perspective of IT security. This paper investigates the problems involved with using such downloadable code, and reviews the solutions proposed in the Java runtime environment. The aim of the paper is to support the reader in understanding the technology and help him/her to assess the actual risks of Java applications.
- Journal article: Java auf Chipkarten (Informatik-Spektrum: Vol. 21, No. 1, 1998). Kaiserswerth, Matthias; Posegga, Joachim
- Journal article: Jini: Infrastruktur für dynamische Dienste in verteilten Systemen (Informatik-Spektrum: Vol. 22, No. 1, 1999). Posegga, Joachim
- Conference paper: Sanitizable signed privacy preferences for social networks (INFORMATIK 2011 – Informatik schafft Communities, 2011). Pöhls, Henrich Christopher; Bilzhause, Arne; Samelin, Kai; Posegga, Joachim. Privacy preferences are the handling rules and constraints under which a data subject allows a third party to process, store, and use his personal data. We have analysed Facebook and show how the Social Network System fails to collect, manage, and hand over to third parties user's consent. Today's technical solutions of collecting the consent on the Internet can be argued to fulfil the regulatory requirements of an informed consent to the service's Privacy Policy and Terms of Service. We found no change in Facebook's processes for collecting and managing user consent from 2009 to 2011. The technical solutions used today neither allow to manage, thus change this consent over time, nor allow to hand over the consent to a third party. We sketch one technical solution, which lends a lot from public key infrastructures. A social network is already trusted by users to keep or federate their data. Hence, we describe the next step of Social Networks becoming an authority and sign the consent collected from its users to make the available data verifiable for third parties. Better yet, if you do not trust the Social Network a user himself can run his own certificate authority or a group of users can provide one as a community service.
- Conference paper: Session fixation – the forgotten vulnerability? (Sicherheit 2010. Sicherheit, Schutz und Zuverlässigkeit, 2010). Schrank, Michael; Braun, Bastian; Johns, Martin; Posegga, Joachim. The term 'Session Fixation vulnerability' subsumes issues in Web applications that under certain circumstances enable the adversary to perform a session hijacking attack through controlling the victim's session identifier value. We explore this vulnerability pattern. First, we give an analysis of the root causes and document existing attack vectors. Then we take steps to assess the current attack surface of Session Fixation. Finally, we present a transparent server-side method for mitigating vulnerabilities.
- Journal article: Wireless Internet Security (Informatik-Spektrum: Vol. 24, No. 6, 2001). Posegga, Joachim; Vetter, Simon. Ever smaller, ever faster, ever more mobile: wireless LANs (WLANs) have found their way into companies and universities, and GPRS is supposed to revolutionize mobile communications.