Rebooting the Blog with a clean WordPress install and finally no more encoding issues. WordPress still isn’t really doing what I want it to do.
Categories
(Crossposted from the CERT.at blog.) As I’ve written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a “High-Level Group on access to data for effective law enforcement” has summarized the problems for law enforcement and developed a list of […]
Categories
NIS2 in Austria
We still don’t have a NIS2 law in Austria. We’re now more than a year late. As I just saw Süleyman’s post on LinkedIn I finally did the quick photoshop job I planned to do for a long time. Original: NIS2 Version: (Yes, this is a gross oversimplification. For the public administration side, we really […]
Categories
Browsertab Dump 2025-07-02
I keep accumulating pages in browser tabs that I should read and/or remember, but sometimes it’s really time to clean up.
Categories
LLM as compression algorithms
Back when I was studying computer science, one of the interesting bits was the discussion of the nformation content in a message which is distinct to the actual number of bits used to transmit the same message. I can remember a definition which involved the sum of logarithms of long-term occurrences versus the transmitted messages. […]
The EU is asking for feedback regarding the Implementing Acts that define some of the details of the NIS2 requirements with respect to reporting thresholds and security measures. I didn’t have time for a full word-for-word review, but I took some time today to give some feedback. For whatever reason, the EU site does not […]
Categories
Browsertab Dump 2024-07-23
I keep accumulating pages in browser tabs that I should read and/or remember, but sometimes it’s really time to clean up. So I’m trying something new: dump the links here in a blog post.
At CERT.at, we recently changed the way we send out bulk email notifications with RT: All Correspondence from the Automation user will have a different From: address compared to constituency interactions done manually by one of our analysts. How did I implement this? In the end, it was just a one-liner in the right spot. […]
(Crossposted from the CERT.at blog) Back in January 2024, I was asked by the Belgian EU Presidency to moderate a panel during their high-level conference on cyber security in Brussels. The topic was the relationship between cyber security and law enforcement: how do CSIRTs and the police / public prosecutors cooperate, what works here and […]
Categories
On Cybersecurity Alert Levels
Last week I was invited to provide some input to a tabletop exercise for city-level crisis managers on cyber security risks and the role of CSIRTs. The organizers brought a color-coded threat-level sheet (based on the CISA Alert Levels) to the discussion and asked whether we also do color-coded alerts in Austria and what I […]