Abstract Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as an additional authentication factor. In this work, we explore how location information affects users’ decision-making for security and privacy. We conducted a series of qualitative interviews to learn how users relate location
Abstract – MELBL – (MELANI Botnet List): The MELANI botnet list contains botnet IPs/Domains which, we extract from malware binaries/configs or which we get from other partners. Different ISPs block the listed C&Cs via BGP Feed or on their security gateways. – MalDB: The malware database is filled up by MELANI and we inform infected website owners respectively their
Abstract Cache and differential power analysis attacks are major concerns for cryptographic implementations. Constant-time security and probing security are information flow policies used by practitioners to improve side-channel resistance of their code against cache attacks and DPA attacks respectively. I will present recent work [1,2,3] on rigorous approaches for proving that implementations verify constant-time and probing security. [1] J. C. Bacelar
Abstract Man-in-the-middle attacks in TLS due to compromised CAs have been mitigated by log-based PKI enhancements such as Certificate Transparency. However, these log-based schemes do not offer sufficient incentives to logs and monitors, and do not offer any automatic actions that domains can take in response to CA misbehavior. We propose REACT, an Ethereum-based PKI
Abstract Open Systems is an independent Swiss IT security provider based in Zurich, which has recently become a proud member organisation of ZISC. With its operation centres in Zurich and Sydney, Open Systems monitors and secures network infrastructure and business-critical applications for over 100 enterprises and NGOs in 180 countries. On roughly 4’000 devices, we