This past weekend was DEF CON 29 (my second virtual DEF CON, though it was a hybrid event this year). Knowing that most content both from the main tracks as well as the villages would become available on YouTube, I decided to postpone serious...

Malware is a threat against both organization and individuals in enterprise environments. These days, a large majority of network-traffic is encrypted on the wire, which protects the confidentiality and integrity of the data – but also creates issues for...

Or: Unsolicited career-advice on the internet

It's been a long time since my last post.

Lots have happened since then, but I thought I'd summarize what looks to be the end of the saga of Smittestopp, the Norwegian Covid-app.

For more info, I recommend reading this and this post from the Peace...

Simula attempts to recover, rewrite history

Yesterday I came across a tweet from Lukasz Olejnik, sharing his work on privacy assessment in web standards – and data leakage via the W3C Ambient Light Sensor API in particular.

TLDR; It deals with a sort of side channel attack: A list of domains is...

... it's a starting point

We – the government appointed expert group – published our final public report last month (informally summarized by me in English here) on the Norwegian COVID-19 app "Smittestopp", ascertaining whether security and privacy is responsibly taken care...

Norwegian parliament passes mass surveillance bill

In this post I'll attempt to give a brief, but thorough introduction to privacy. This ambitious task is motivated in part by the staggering amount of people I've dealt with that lack a proper understanding of the subject – whether they be politicians,...