My Articles on IT Security, Monitoring, PKI.

(elkement. Last changed: 2015-11-07. Created: 2014-06-01. Tags: Postings, Blogging, Resources, Links, IT, Monitoring, PKI, Security, X.509, Cryptography. German Version.)

My lecture slides on PKI and security are a bit dated already, I add them for completeness though.

Articles on my blog are targeted to a broader audience - perhaps they are too 'philosophical' for security experts. See the complete list of postings below, after the image.

X.509 Certificate

Echo Unreadable Hex Characters in Windows: forfiles (2019-05-08 16:26:32)
How to transfer small files to a locked-down Windows machine? When there is no option to copy, ftp, or http GET a file. When powershell is blocked so that you can only use Windows cmd commands? My first choice would …

Ethereal @ hackthebox: Certificate-Related Rabbit Holes (2019-03-16 23:34:30)
This post is related to the ‘insanely’ difficult hackthebox machine Ethereal that was recently retired. Beware – It is not at all a full comprehensive write-up! I zoom in on openssl, X.509 certificates, signing stuff, and related unnecessary rabbit holes …

Certificates and PKI. The Prequel. (2019-02-18 09:26:36)
Some public key infrastructures run quietly in the background since years. They are half forgotten until the life of a signed file has come to an end – but then everything is on fire. In contrast to other seemingly important …

Modbus Server on Raspberry Pi as Babelfish for UVR16x2 (2019-01-18 14:59:27)
Our main data logger is the Control and Monitoring Interface of the freely programmable controller UVR16x2. There are two pieces of hardware you need for logging – the actual control unit and the logger connected to the controller via the …

Unintended 2nd Order SQL Injection (2018-12-15 10:01:28)
Why I am not afraid of the AI / Big Data / Cloud powered robot apocalypse. SQL order injection means to run custom SQL queries through web interfaces because the input to the intended query is not sanitized, like appending …

A Color Box. Lost in Translation (2018-11-18 15:58:02)
It was that time again. The Chief Engineer had rebuilt the technical room from scratch. Each piece of heavy equipment had a new place, each pipe and wire was reborn in a new incarnation (German stories here.) The control system …

Cyber Something (2018-10-14 12:04:41)
You know you have become a dinosaur when you keep using outdated terminology. Everybody else uses the new buzz word, but you just find it odd. But someday it will creep also into your active vocabulary. Then I will use …

Hacking (2018-08-05 15:33:41)
I am joining the ranks of self-proclaimed productivity experts: Do you feel distracted by social media? Do you feel that too much scrolling feeds transforms your mind – in a bad way? Solution: Go find an online platform that will …

Cloudy Troubleshooting (2) (2018-06-25 14:34:38)
Unrelated to part 1 – but the same genre. Actors this time: File Cloud: A cloud service for syncing and sharing files. We won’t drop a brand name, will we? Client: Another user of File Cloud. [Redacted]: Once known for reliability and as The …

Infinite Loop: Theory and Practice Revisited. (2018-06-10 11:56:55)
I’ve unlocked a new achievement as a blogger, or a new milestone as a life-form. As a dinosaur telling the same old stories over and over again. I started drafting a blog post, as I always do since a while: …

Where Are the Files? [Winsol – UVR16x2] (2018-05-28 20:10:13)
Recently somebody has asked me where the log files are stored. This question is more interesting then it seems. We are using the freely programmable controller UVR16x2 (and its predecessor) UVR1611) … .. and their Control and Monitoring Interface – …

Cloudy Troubleshooting (2018-05-13 11:46:48)
Actors: Cloud: Service provider delivering an application over the internet. Client: Business using the Cloud Telco: Service provider operating part of the network infrastructure connecting them. elkement: Somebody who always ends up playing intermediary. ~ Client: Cloud logs us off …

Logging Fun with UVR16x2: Photovoltaic Generator – Modbus – CAN Bus (2018-04-24 11:20:37)
The Data Kraken wants to grow new tentacles. I am playing with the CMI – Control and Monitoring Interface – the logger / ‘ethernet gateway’ connected to our control units (UVR1611, UVR16x2) via CAN bus. The CMI has become a …

Let Your Hyperlinks Live Forever! (2018-03-18 13:01:13)
It is the the duty of a Webmaster to allocate URIs which you will be able to stand by in 2 years, in 20 years, in 200 years. This needs thought, and organization, and commitment. (https://www.w3.org/Provider/Style/URI) Joel Spolsky did it: …

Reverse Engineering Fun (2017-12-05 11:23:12)
Recently I read a lot about reverse engineering –  in relation to malware research. I for one simply wanted to get ancient and hardly documented HVAC engineering software to work. The software in question should have shown a photo of …

Simulating Life-Forms (2): Cooling Energy (2017-11-28 16:09:55)
I found this comprehensive research report: Energy Use in the Australian Residential Sector 1986–2020 (June 2008) (several PDFs for download, click the link Energy Use… to display them) There are many interesting results – and the level of detail is …

The Orphaned Internet Domain Risk (2017-10-21 11:59:11)
I have clicked on company websites of social media acquaintances, and something is not right: Slight errors in formatting, encoding errors for special German characters. Then I notice that some of the pages contain links to other websites that advertize …

Data for the Heat Pump System: Heating Season 2016-2017 (2017-10-12 09:58:29)
I update the documentation of measurement data [PDF] about twice a year. This post is to provide a quick overview for the past season. The PDF also contains the technical configuration and sizing data. Based on typical questions from an …

Computers, Science, and History Thereof (2017-09-29 15:38:40)
I am reading three online resources in parallel – on the history and the basics of computing, computer science, software engineering, and the related culture and ‘philosophy’. An accidental combination I find most enjoyable. Joel on Software: Joel Spolsky’s blog – …

Heat Transport: What I Wrote So Far. (2017-07-14 09:15:49)
Don’t worry, The Subversive Elkement will publish the usual silly summer posting soon! Now am just tying up loose ends. In the next months I will keep writing about heat transport: Detailed simulations versus maverick’s rules of thumb, numerical solutions …

Other People Have Lives – I Have Domains (2017-06-06 22:17:47)
These are just some boring update notifications from the elkemental Webiverse. The elkement blog has recently celebrated its fifth anniversary, and the punktwissen blog will turn five in December. Time to celebrate this – with new domain names that says …

Earth, Air, Water, and Ice. (2017-02-05 11:48:33)
In my attempts at Ice Storage Heat Source popularization I have been facing one big challenge: How can you – succinctly, using pictures – answer questions like: How much energy does the collector harvest? or What’s the contribution of ground? …

My Data Kraken – a Shapeshifter (2016-12-22 10:53:56)
I wonder if Data Kraken is only used by German speakers who translate our hackneyed Datenkrake – is it a word like eigenvector? Anyway, I need this animal metaphor, despite this post is not about facebook or Google. It’s about …

Give the ‘Thing’ a Subnet of Its Own! (2016-11-20 11:44:44)
To my surprise, the most clicked post ever on this blog is this: Network Sniffing for Everyone: Getting to Know Your Things (As in Internet of Things) … a step-by-step guide to sniff the network traffic of your ‘things’ contacting …

Internet of Things. Yet Another Gloomy Post. (2016-09-30 21:18:41)
Technically, I work with Things, as in the Internet of Things. As outlined in Everything as a Service many formerly ‘dumb’ products – such as heating systems – become part of service offerings. A vital component of the new services …

Hacking My Heat Pump – Part 2: Logging Energy Values (2016-08-24 09:52:12)
In the last post, I showed how to use Raspberry Pi as CAN bus logger – using a test bus connected to control unit UVR1611. Now I have connected it to my heat pump’s bus. Credits for software and instructions: …

Hacking My Heat Pump – Part 1: CAN Bus Testing with UVR1611 (2016-08-03 10:04:39)
In the old times, measuring data manually sometimes meant braving the elements: Now, nearly all measurements are automated: In order to calculate the seasonal performance factor of the heat pump system we have still used the ‘official’ energy reading provided …

Have I Seen the End of E-Mail? (2016-06-10 09:46:03)
Not that I desire it, but my recent encounters of ransomware make me wonder. Some people in say, accounting or HR departments are forced to use e-mail with utmost paranoia. Hackers send alarmingly professional e-mails that look like invoices, job …

Photovoltaic Generator and Heat Pump: Daily Power Generation and Consumption (2016-06-01 12:21:02)
You can generate electrical power at home but you cannot manufacture your own natural gas, oil, or wood. (I exempt the minority of people owning forestry). This is often an argument for the combination of heat pump and photovoltaic generator. …

Everything as a Service (2016-05-19 13:57:08)
Three years ago I found a research paper that proposed a combination of distributed computing and heating as a service: A cloud provider company like Google or Amazon would install computers in users’ homes – as black-boxes providing heat to …

Personal website of Elke Stangl, Zagersdorf, Austria, c/o punktwissen.
elkement [at] subversiv [dot] at.