AliceBob&Eve - A blog about software security, specifications and fuckups.

Latest entries

  • Wifi cracking and pwnagotchi - An AI boosted mobile bettercap tool

    During the last few weeks I had a lot of fun with a nice little project called pwnagotchi. It’s an automation frontend for bettercap, can be run on a Pi Zero and enables automated wifi-handshake collection. An AI supports finding better scanning parameters. And it has an adorable face.
    (~ 6 minutes reading time)

  • 2nd Factors, an overview about Fido, OATH and One-Time-Pads

    I felt like upgrading my Yubikey to a USB-C version and used that opportunity to dive a little bit deeper into the different OTP specs and how I want to use my second factor. Still falling down the rabbit hole, but here is some kind of overview of fido2, u2f, oath-hotp, yubico-otp and others…
    (~ 9 minutes reading time)

  • Don't use security questions!

    The railway company Deutsche Bahn just added security questions to their booking application, or at least bothers me to add some. It’s 2019 and we should all know by now that this kind of measure weakens security. Let’s see why…
    (~ 7 minutes reading time)