- The Trouble With Security Requirements. (RE'17)
- Hardening Java’s Access Control by Abolishing Implicit Privilege Elevation. (IEEE S&P'17)
- Breaking New Ground for Researching Secure Software Development with Social Theory. (CSCW'17 WS)
- Can Security Become a Routine? A Study of Organizational Change in an Agile Software Development Group. (CSCW'17)
- Emission statt Transaktion: Weshalb das klassische Datenschutzparadigma nicht mehr funktioniert. (Forum Privatheit)
Lost iPhone? – Lost Passwords!
iPhone weakness demonstrates that encryption by itself does not provide protection – companies have to react quickly when an iPhone is lost
Passwords are not secure on iPhones that are lost. This is the result of tests carried out at Fraunhofer Institute SIT in Darmstadt. Within six minutes the institute's staff was able to render the iPhone's encryption void and decipher many passwords stored on it. If the iPhone is used for business purposes then the company's network security may be at risk as well. The flawed security design affects all iPhone and iPad devices containing the latest firmware. Written documentation and a video about the attack are available below. Only companies prepared for such an attack will be able to reduce their risk.
iOS firmware versions up to iOS 5 are also affected by the described weakness. The FAQ document contains further current information regarding common questions.