- Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group. (CSCW'17)
- Emission statt Transaktion: Weshalb das klassische Datenschutzparadigma nicht mehr funktioniert. (Forum Privatheit)
- An In-Depth Study of More Than Ten Years of Java Exploitation. (CCS'16)
- Penetration Tests a Turning Point in Security Practices? Organizational Challenges and Implications in a Software Development Team. (2nd WSIW)
- First-time Security Audits As a Turning Point? Challenges for Security Practices in an Industry Software Development Team. (CHI'16 EA)
Lost iPhone? – Lost Passwords!
iPhone weakness demonstrates that encryption by itself does not provide protection – companies have to react quickly when an iPhone is lost
Passwords are not secure on iPhones that are lost. This is the result of tests carried out at Fraunhofer Institute SIT in Darmstadt. Within six minutes the institute's staff was able to render the iPhone's encryption void and decipher many passwords stored on it. If the iPhone is used for business purposes then the company's network security may be at risk as well. The flawed security design affects all iPhone and iPad devices containing the latest firmware. Written documentation and a video about the attack are available below. Only companies prepared for such an attack will be able to reduce their risk.
iOS firmware versions up to iOS 5 are also affected by the described weakness. The FAQ document contains further current information regarding common questions.