3. The guy in the front
Johann-Peter Hartmann
Fulltime PHP Developer since 3.0.4
4. The guy in the front
Johann-Peter Hartmann
Fulltime PHP Developer since 3.0.4
likes PHP because people are nice and PHP is fun
5. The guy in the front
Johann-Peter Hartmann
Fulltime PHP Developer since 3.0.4
likes PHP because people are nice and PHP is fun
likes Security because Security is fun
6. The guy in the front
Johann-Peter Hartmann
Fulltime PHP Developer since 3.0.4
likes PHP because people are nice and PHP is fun
likes Security because Security is fun
Founder and CTO of Mayflower GmbH
7. The guy in the front
Johann-Peter Hartmann
Fulltime PHP Developer since 3.0.4
likes PHP because people are nice and PHP is fun
likes Security because Security is fun
Founder and CTO of Mayflower GmbH
CEO of SektionEins GmbH, founded with Stefan Esser
20. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
Link Spam
Worms
Phishing
Information Warfare
Source: Breach 2007
21. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
Link Spam
Worms
Phishing
42 % Information Warfare
Source: Breach 2007
22. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
Link Spam
Worms
Phishing
42 % Information Warfare
23 %
Source: Breach 2007
23. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
Link Spam
Worms
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
24. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
25. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
26. Why they attack You Informationsdiebstahl
Defacement
Malware
Unknown
Fraud
3 % Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
27. Why they attack You Informationsdiebstahl
Defacement
Malware
3 % Unknown
Fraud
3 % Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
28. Why they attack You Informationsdiebstahl
Defacement
Malware
3 % Unknown
Fraud
3 % 1 % Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
29. Why they attack You Informationsdiebstahl
Defacement
Malware
3 % Unknown
Fraud
3 % 1 %
1 % Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
30. Why they attack You Informationsdiebstahl
Defacement
Malware
3 % Unknown
Fraud
3 % 1 %
1 % Blackmail
3 % Link Spam
Worms
8 %
Phishing
42 % Information Warfare
15 %
23 %
Source: Breach 2007
31. How they attack You
SQL Injection
Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
Wrong configurations
Missing Anti-Automation
Denial Of Service
Redirect
Wrong Session-Timeout
CSRF
Source: NSI 2006
32. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
Wrong configurations
Missing Anti-Automation
Denial Of Service
Redirect
Wrong Session-Timeout
CSRF
Source: NSI 2006
33. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
Missing Anti-Automation
Denial Of Service
Redirect
Wrong Session-Timeout
CSRF
Source: NSI 2006
34. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
Missing Anti-Automation
Denial Of Service
Redirect
Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
35. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
36. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
37. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
38. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
39. How they attack You
SQL Injection
20 % Information Disclosure
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
40. How they attack You
SQL Injection
3 % 20 % Information Disclosure
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
41. How they attack You
3 % SQL Injection
3 % 20 % Information Disclosure
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
42. How they attack You
3 % SQL Injection
2 % 20 % Information Disclosure
3 %
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
43. How they attack You
2 %
3 % SQL Injection
2 % 20 % Information Disclosure
3 %
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
44. How they attack You
2 %
3 % 2 % SQL Injection
2 % 20 % Information Disclosure
3 %
Known Exploits
3 %
3 % XSS
Missing Authentication
8 % Guessing of Logins/Sessions
OS Code Execution
17 % Wrong configurations
10 % Missing Anti-Automation
Denial Of Service
Redirect
12 % Wrong Session-Timeout
15 % CSRF
Source: NSI 2006
45. A simple view on our
favourite platforms stack
PHP-Application
Apache MySQL PHP
Linux
Network
48. Network Attacks: DDoS
Distributed Denial of Service Attacken
from hundreds to millions of compromised
computers (BotNet)
sending out udp, icmp, tcp packet love, reflected
DNS, smart attacks with http
Network
49. Network Attacks: DDoS
Distributed Denial of Service Attacken
from hundreds to millions of compromised
computers (BotNet)
sending out udp, icmp, tcp packet love, reflected
DNS, smart attacks with http
up to 25Network
GB/s
51. Distributed Denial of Service
It‘s a business model
Blackmail (in-ist-drin.de 7/2007, many more)
Network
52. Distributed Denial of Service
It‘s a business model
Blackmail (in-ist-drin.de 7/2007, many more)
Political Reasons (Estland 5/2007, more than
1.000.000 computer in the botnet)
Network
53. Distributed Denial of Service
It‘s a business model
Blackmail (in-ist-drin.de 7/2007, many more)
Political Reasons (Estland 5/2007, more than
1.000.000 computer in the botnet)
criminal activities (Anti-419, Anti-Dialer-Sites)
Network
54. Distributed Denial of Service
It‘s a business model
Blackmail (in-ist-drin.de 7/2007, many more)
Political Reasons (Estland 5/2007, more than
1.000.000 computer in the botnet)
criminal activities (Anti-419, Anti-Dialer-Sites)
actually it was developped by and for script kiddies in
Network
IRC
55. How to protect against
DDos
You can‘t protect yourself
Network
56. How to protect against
DDos
You can‘t protect yourself
Your firewall won‘t help you if your uplink is smaller
than 25 G/s
Network
57. How to protect against
DDos
You can‘t protect yourself
Your firewall won‘t help you if your uplink is smaller
than 25 G/s
Your Provider can, ask for „DDos Managed Security
Services“
Network
58. How to protect against
DDos
You can‘t protect yourself
Your firewall won‘t help you if your uplink is smaller
than 25 G/s
Your Provider can, ask for „DDos Managed Security
Services“
2 solutions: blackhole your traffic, or use cleaning
Network
routers
59. How to protect against
DDos
You can‘t protect yourself
Your firewall won‘t help you if your uplink is smaller
than 25 G/s
Your Provider can, ask for „DDos Managed Security
Services“
2 solutions: blackhole your traffic, or use cleaning
Network
routers
you won‘t blackhole your christmas business, and
cisco ddos cleaning infrastructure is expensive
60. Safety for your local network
You got a firewall and a DMZ
Network
61. Safety for your local network
You got a firewall and a DMZ
Attack surface reduction - disable what is not needed
Network
62. Safety for your local network
You got a firewall and a DMZ
Attack surface reduction - disable what is not needed
FTP, SSH, SUN-RPC, DNS, SMTP, IMAP, POP
Network
63. Safety for your local network
You got a firewall and a DMZ
Attack surface reduction - disable what is not needed
FTP, SSH, SUN-RPC, DNS, SMTP, IMAP, POP
for non-public services you actually need
Network
64. Safety for your local network
You got a firewall and a DMZ
Attack surface reduction - disable what is not needed
FTP, SSH, SUN-RPC, DNS, SMTP, IMAP, POP
for non-public services you actually need
packet filtering, an own management ip
Network
65. Safety for your local network
You got a firewall and a DMZ
Attack surface reduction - disable what is not needed
FTP, SSH, SUN-RPC, DNS, SMTP, IMAP, POP
for non-public services you actually need
packet filtering, an own management ip
Network
better: use a vpn
66. How to secure Linux
Deactivate what you don‘t need
Linux
67. How to secure Linux
Deactivate what you don‘t need
Uninstall what you don‘t need
Linux
68. How to secure Linux
Deactivate what you don‘t need
Uninstall what you don‘t need
Harden your kernel
Linux
69. How to secure Linux
Deactivate what you don‘t need
Uninstall what you don‘t need
Harden your kernel
Linux
deactivate unneeded kernel features
70. How to secure Linux
Deactivate what you don‘t need
Uninstall what you don‘t need
Harden your kernel
Linux
deactivate unneeded kernel features
deactivate loadable kernel modules
71. How to secure Linux
Deactivate what you don‘t need
Uninstall what you don‘t need
Harden your kernel
Linux
deactivate unneeded kernel features
deactivate loadable kernel modules
Mandantory Access Control like SELinux or AppArmor
76. SELinux
Security Enhanced Linux
developped by the NSA
pretty secure from a technical point of view
Linux
part of the mainline kernel 2.6 and Redhat/Fedora
more than 700 different permission types
77. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
Linux
78. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
... bought by Novell
Linux
79. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
... bought by Novell
Default part of Novell/SuSE Linux
Linux
80. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
... bought by Novell
Default part of Novell/SuSE Linux
Open Source, can easily be used within other linux
Linux
distributions
81. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
... bought by Novell
Default part of Novell/SuSE Linux
Open Source, can easily be used within other linux
Linux
distributions
SELinux for idiots
82. AppArmor - what it is
Originally „SubDomain“ developped by Immunix
... bought by Novell
Default part of Novell/SuSE Linux
Open Source, can easily be used within other linux
Linux
distributions
SELinux for idiots
We use it
83. AppArmor - what it does
simplified interface to Mandantory Access Control
Linux
84. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
Linux
85. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
based on filenames
Linux
86. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
based on filenames
rather simple Workflow
Linux
87. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
based on filenames
rather simple Workflow
Linux
you profile your softwares permissions while using it
88. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
based on filenames
rather simple Workflow
Linux
you profile your softwares permissions while using it
the profile defines the permissions needed (needs
some rework, though)
89. AppArmor - what it does
simplified interface to Mandantory Access Control
based on file permissions and POSIX capabilities
based on filenames
rather simple Workflow
Linux
you profile your softwares permissions while using it
the profile defines the permissions needed (needs
some rework, though)
90. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Linux
91. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
Linux
92. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
SELinux:
Linux
93. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
SELinux:
docroot label is /var/www/html is http_sys_content_t
Linux
-> allow writing for the whole /var/www/html
94. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
SELinux:
docroot label is /var/www/html is http_sys_content_t
Linux
-> allow writing for the whole /var/www/html
AppArmor:
95. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
SELinux:
docroot label is /var/www/html is http_sys_content_t
Linux
-> allow writing for the whole /var/www/html
AppArmor:
/var/www/html/config.inc.php w
96. Why AppArmor works for
idiots
upload.php should be able to write to „/images/“
Default is always deny, so you need to enable it
SELinux:
docroot label is /var/www/html is http_sys_content_t
Linux
-> allow writing for the whole /var/www/html
AppArmor:
/var/www/html/config.inc.php w
98. Hardening Apache
Disable every module you don‘t need.
mod_parmguard
Apache
set validation rules for every parameter
99. Hardening Apache
Disable every module you don‘t need.
mod_parmguard
Apache
set validation rules for every parameter
mod_security
100. Hardening Apache
Disable every module you don‘t need.
mod_parmguard
Apache
set validation rules for every parameter
mod_security
a free, small web application firewall
101. Hardening Apache
Disable every module you don‘t need.
mod_parmguard
Apache
set validation rules for every parameter
mod_security
a free, small web application firewall
filters by regular expressions for every part of the
request
102. Hardening Apache
Disable every module you don‘t need.
mod_parmguard
Apache
set validation rules for every parameter
mod_security
a free, small web application firewall
filters by regular expressions for every part of the
request
default rulesets (gotroot)
105. mod_security
bought by Breach Security, dual-licensed
filtering the low hanging fruits
Apache
106. mod_security
bought by Breach Security, dual-licensed
filtering the low hanging fruits
Apache
Code Executions, Inclusions, SQL-Injections, XSS
107. mod_security
bought by Breach Security, dual-licensed
filtering the low hanging fruits
Apache
Code Executions, Inclusions, SQL-Injections, XSS
if a security issue is found, an error message (usually an
error 500) is returned to the user
108. mod_security
bought by Breach Security, dual-licensed
filtering the low hanging fruits
Apache
Code Executions, Inclusions, SQL-Injections, XSS
if a security issue is found, an error message (usually an
error 500) is returned to the user
mod_security 2.0 is stateful and implements session
support
110. Web Application Firewalls
granular security rules custom tailored for your
application
bridge, router, reverse proxy or embedded in your
webserver, appliance or software
111. Web Application Firewalls
granular security rules custom tailored for your
application
bridge, router, reverse proxy or embedded in your
webserver, appliance or software
brute force mitigation, cookie encryption, url mapping
112. Web Application Firewalls
granular security rules custom tailored for your
application
bridge, router, reverse proxy or embedded in your
webserver, appliance or software
brute force mitigation, cookie encryption, url mapping
can learn the default behavior of your application
113. Web Application Firewalls
granular security rules custom tailored for your
application
bridge, router, reverse proxy or embedded in your
webserver, appliance or software
brute force mitigation, cookie encryption, url mapping
can learn the default behavior of your application
http parameters are normalized
116. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
117. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
118. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
remove all unneeded things:
119. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
remove all unneeded things:
test databases
120. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
remove all unneeded things:
test databases
default users, default rights
121. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
remove all unneeded things:
test databases
default users, default rights
only the needed user rights for a certain task
122. MySQL Security
run MySQL in SELinux/AppArmor
deactivate networking: skip-networking
MySQL
deactivate file access: set-variable = local-infile=0
remove all unneeded things:
test databases
default users, default rights
only the needed user rights for a certain task
128. Suhosin Engine Patches
Global protection for Low-Level-Bugs in PHP
PHP
Memory Manager Hardening (Canary/Safe-Unlink)
129. Suhosin Engine Patches
Global protection for Low-Level-Bugs in PHP
PHP
Memory Manager Hardening (Canary/Safe-Unlink)
Hashtable Destructor Protection
130. Suhosin Engine Patches
Global protection for Low-Level-Bugs in PHP
PHP
Memory Manager Hardening (Canary/Safe-Unlink)
Hashtable Destructor Protection
Protection against Format String Vulnerabilities
131. Suhosin Engine Patches
Global protection for Low-Level-Bugs in PHP
PHP
Memory Manager Hardening (Canary/Safe-Unlink)
Hashtable Destructor Protection
Protection against Format String Vulnerabilities
Realpath() Hardening
139. Suhosin Logging
for intrusion detection and configuration
supports several output channels
PHP
syslog, shell script, PHP script, file
140. Suhosin Logging
for intrusion detection and configuration
supports several output channels
PHP
syslog, shell script, PHP script, file
several impact levels
141. Suhosin Logging
for intrusion detection and configuration
supports several output channels
PHP
syslog, shell script, PHP script, file
several impact levels
Log Message with file, line and remote IP
142. Suhosin Logging
for intrusion detection and configuration
supports several output channels
PHP
syslog, shell script, PHP script, file
several impact levels
Log Message with file, line and remote IP
Simulation mode to tune suhosin
146. Coding Guidelines
E_ALL/E_STRICT safe coding
no global variables, no variable scope overwriting
PHP
forbidden functions
constants are used where they can be used
147. Coding Guidelines
E_ALL/E_STRICT safe coding
no global variables, no variable scope overwriting
PHP
forbidden functions
constants are used where they can be used
Parameter Binding Datenbank-API
148. Coding Guidelines
E_ALL/E_STRICT safe coding
no global variables, no variable scope overwriting
PHP
forbidden functions
constants are used where they can be used
Parameter Binding Datenbank-API
Libraries for CSRF protection, input validation, filtering,
escaping, database access
150. Input / Output Flow in PHP
Input check:
Validation is done based on the knowledge of the
expected content PHP
151. Input / Output Flow in PHP
Input check:
Validation is done based on the knowledge of the
expected content PHP
If the input isn‘t valid, it should be deleted or
sanitized
152. Input / Output Flow in PHP
Input check:
Validation is done based on the knowledge of the
expected content PHP
If the input isn‘t valid, it should be deleted or
sanitized
Output Escaping:
153. Input / Output Flow in PHP
Input check:
Validation is done based on the knowledge of the
expected content PHP
If the input isn‘t valid, it should be deleted or
sanitized
Output Escaping:
there are 5 escape methods for HTML, 1 for SQL, 2
for Shell usage. No Default escape.
155. PHP-IDS
It‘s an IDS, not an XSS filter
Better-than-nothing solution, like mod_security
PHP
156. PHP-IDS
It‘s an IDS, not an XSS filter
Better-than-nothing solution, like mod_security
PHP
there has always been a IDS evasion
157. PHP-IDS
It‘s an IDS, not an XSS filter
Better-than-nothing solution, like mod_security
PHP
there has always been a IDS evasion
no excuse to abandon proper validation, filtering and
escaping
158. PHP-IDS
It‘s an IDS, not an XSS filter
Better-than-nothing solution, like mod_security
PHP
there has always been a IDS evasion
no excuse to abandon proper validation, filtering and
escaping
Can be used to detect attacks and react in the
application
160. Questions?
Contact me at:
johann-peter.hartmann@sektioneins.de
Hinweis der Redaktion
PHP is used in a lot of environments where security is a good idea, like banks, credit data, porn sites etc. Who is working with personal data? who is working with credit card data? Medical information? information with personal sexual information (like a dating site)? \n
\n
\n
\n
\n
\n
\n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
Sorry i can‘t go into depth \n
\n
Der Angreifer ist also keineswegs mehr der Amateur zuhause, sondern Dienstleister in einem funktionierenden Markt. „Für 40.000 Euro bekommt man die Daten jeder Firma“\n
Der Angreifer ist also keineswegs mehr der Amateur zuhause, sondern Dienstleister in einem funktionierenden Markt. „Für 40.000 Euro bekommt man die Daten jeder Firma“\n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
Hauptmotivation ist Informationsdiebstahl, dh. der Diebstahl von sensiblen Daten. Aus diesem Grund wird dieses Thema auch explizit behandelt. \n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Nowadays you could start with the layer above, too - but don‘t ask me, ask the ajax in action guys about that. \n
\n
\n
\n
\n
There is a big dark area when it comes to blackmail. \nHappens usually on christmans\n
There is a big dark area when it comes to blackmail. \nHappens usually on christmans\n
There is a big dark area when it comes to blackmail. \nHappens usually on christmans\n
There is a big dark area when it comes to blackmail. \nHappens usually on christmans\n
There is a big dark area when it comes to blackmail. \nHappens usually on christmans\n