Blog

E-Voting? Aber sicher! Sehr geehrte Damen und Herren Entweder gar kein E-Voting oder aber ein hochsicheres E-Voting. Diese Forderung stellte Nationalrat Marcel Dobler vor zwei Wochen an den Bundesrat. Die Regierung hatte im April beschlossen, das Projekts zur fläc... continue reading

It is hard to teach people not to click on links and attachments or to avoid suspicious places on the web. Would not it be smarter if systems in general would not be vulnerable to PDF exploits and drive by downloads? Yet it seems surprisingly difficult to achieve this and I have often wondered why that is the case. Xorlab is a Swiss startup t... continue reading

When I introduced the E-Voting Focus at Swiss Cyber Storm, I hoped we could help to ignite a public discussion on this transformation of our democratic process. As I am writing this, I know this public discussion has started and our role is now to add knowledge and information to the discussion. Since I wrote the announcement in August, we have... continue reading

Last spring, I attended a presentation by the boss of a large translation bureau. Not what you expect at a meeting of security experts, so I was not sure what I would learn. But the longer he took, the more interested I got. Here was somebody who was using security to sell his service: He was not merely fulfilling requirements to pass audits a... continue reading

The plot was thickening for E-Voting making real inroads into Switzerland a few years ago. Swiss Post must have become aware that the physical transport of ballots was possibly going to be reduced in the long run. Swiss Post is transporting the voting material to every Swiss voter and then - a specialty in Switzerland - most of the filled out b... continue reading

The more we depend on the internet for our everyday lives, the more we realize how many design flaws are built into its basic architecture. The net was built for scale and resilience, but it was not built for security. The much needed performance boosts often come in the form of bolt-on hacks instead of long-term visions. You could say that we a... continue reading

So there are two E-Voting offerings in Switzerland: one by the State of Geneva and one by Swiss Post. These two unlikely competitors are struggling to win Swiss cantons over to their solution. Geneva has been doing E-Voting since 2003 and five years ago, Thomas Hofer joined the team to serve as technical administrator and operator of the voting ... continue reading

“Given a choice between dancing pigs and security, users will pick dancing pigs every time”. Generations of security officers have made jokes based on this popular saying and I have never heard anybody challenge its true core. Yet, why are users behaving like this? And why have 20 years of friends getting hacked, near-daily press coverage of sec... continue reading

The Swiss Cyber Storm is a non profit organization hosting the international Swiss Cyber Storm Conference and running the Swiss part of the European Cyber Security Challenges with a focus of identifying and supporting young cyber talents. From September 1st until September 3rd 2017 the best swiss cyber talents met in Sursee to build the natio... continue reading

“With all its distinct and partly contradictory security requirements and goals, electronic voting is the supreme discipline among secure communication protocols.” This is what University of Zurich associate Professor Rolf Oppliger told me when we discussed E-Voting last year. He went on to explain that online banking needs strong authenticatio... continue reading

There is no business case for securing IoT hardware. There is no legislation and no incentive to lock it down. But there is a lot of legal knowledge how a manufacturer can sneak out of the responsibility via extensive EULAs. Our industry has been having great fun dissecting electronic scales, smart toothbrushes and even IoT egg containers (here ... continue reading

There have been a few statements by Swiss politicians lately, trying to funnel more money into the army to grow real cyber units with extensive attack capabilities. Initiatives as this have been around for a while and usually I do not bother, but the statements are growing more systematic in recent weeks. On top of it, they coincidence with the ... continue reading

When we think of Bulletproof Hosting, we usually think of shady firms in the style of the Russian Business Network that dodge all inquiries and take-down notices from governments and potentially operating in corrupt legislations where such behaviour is accepted. Nowadays, this traditional centralized Bulletproof Hosting no longer works, although... continue reading

There is a shift in the world of IT security. Back in the 1990ties, people thought security was a purely technical if not mathematical problem. In one of his more famous quotes, Bruce Schneier stated that having written “Applied Cryptography” he really thought, that security was solved since he had just told the world how to apply encryption. ... continue reading

We are very proud to have Paul Vixie as our keynote speaker. I do not need to tell you about Paul’s greatness or about the fact that he is a veteran with over 30 years in the IT industry. But let me tell you about two things that I think striking: Paul has been introduced to the Internet Hall of Fame Paul runs a company called Farsight Sec... continue reading

The internet of things is all the rage and talks about the insecurity of smart devices and tech assistants are a constant companion at tech conferences these days. But it’s also a bit boring in the sense that the whole audience knows IoT is insecure and the presentations are often déjà-vus of stupid mistakes on cheap devices. Jos Wetzels, Sec... continue reading

Tarah Wheeler can be really vocal when it comes to gender equality, workplace diversity and American politics in general. She is a thought leader and we could fill a conference with Tarah explaining her view on all these topics. But then you could also read her book about Women in Tech or ask her directly. At Swiss Cyber Storm she will speak as ... continue reading

Imagine me attending the OWASP Application Security Europe conference two weeks ago; the Swiss Cyber Storm program was almost full, but I really wanted to have another addition to the management track. Security DevOps sounded ideal and AppSecEU was running a two day track with SecDevOps and DevSecOps. Although I can not really tell the two apart... continue reading

layout: post title: Introducing Swiss Cyber Storm 2017 Speaker Deviant Ollam header_image: blog.jpg — At Swiss Cyber Storm 2016, Walter Belgers from TOOOL Netherlands presented lock-picking as a metaphor of IT security hacking. This years speaker Deviant Ollam is Walter’s counterpart in TOOOL United States. He has been called the godfather of... continue reading

The waiting has finally come to an end. Sign up today for the Swiss Cyber Strom Security Challenges 2017. The SCS is waiting for  you . Talents with best scores are invited to the Swiss final in Sursee where we evaluate the Swiss national team. The Swiss team will compete against other European teams in the run of the European Cyber Secu... continue reading

We had a few impressive talks at Swiss Cyber Storm 2016. Troy Hunt surprised me regarding his diligence with everything around account breaches. John Matherly / Shodan and Marc Ruef with his Dark Net talk hit it home in a perfect way. I was very happy that Nick Galbreath’s talk resonated with so many people in the room who had never heard his n... continue reading

The schedule for the SCS Challenges 2017 has been launched. Register today on our challenges page. You don’t know the SCS Challenges? Are you born in 1992 or later? Working with computers and networks is your passion and you are not (yet) a security professional? Then the European Cyber Security Challenge is for you! You have to solve security... continue reading

In Sursee this weekend, Switzerland’s best young hackers competed against each other at the Swiss qualification round of the European Cyber Security Challenge. Participants were required not only to perform technical tasks but also to demonstrate their presentation skills and ability to work in a team. This Sunday afternoon, the ten winners wer... continue reading

International Hacker Competition: Europe is preparing against cyber threats Last night, the national qualification phase of this year’s “European Cyber Security Challenge” ended. The 20 best young hackers in Switzerland have been identified and are competing for entry into the European finale in Dusseldorf. The annual hacker competition is an ... continue reading

Already exited about the European Cyber Championship 2016? Share your passion with collegues. Please find below the flyer for the upcoming event German flyer, Frensh flyer, Italian flyer. Stay tuned for more information about this years conference and watch out for news about the Cyber Security Challenges! continue reading

Starting Monday morning, things get serious for young Swiss hackers: the national qualifications phase for the European Cyber Security Challenge of 2016 opens. Young talents between the ages of 14 and 30 have the possibility of qualifying for the Swiss National Team and competing against other nations in the European finals in Düsseldorf. The c... continue reading