@inproceedings{SaatjohannIsingGierlingsetal.2022, author = {Saatjohann, Christoph and Ising, Fabian and Gierlings, Matthias and Noss, Dominik and Schimmler, Sascha and Klemm, Alexander and Grundmann, Leif and Frosch, Tilman and Schinzel, Sebastian}, title = {Sicherheit medizintechnischer Protokolle im Krankenhaus}, series = {SICHERHEIT 2022. Hrsg. Christian Wressnegger, Delphine Reinhardt, Thomas Barber, Bernhard C. Witt, Daniel Arp, Zoltan Mann}, booktitle = {SICHERHEIT 2022. Hrsg. Christian Wressnegger, Delphine Reinhardt, Thomas Barber, Bernhard C. Witt, Daniel Arp, Zoltan Mann}, publisher = {Gesellschaft f{\"u}r Informatik e.V.}, address = {Bonn}, isbn = {978-3-88579-717-3}, issn = {1617-5468}, doi = {10.18420/sicherheit2022_09}, url = {http://nbn-resolving.de/urn:nbn:de:hbz:836-opus-150072}, year = {2022}, abstract = {Medizinische Einrichtungen waren in den letzten Jahren immer wieder von Cyber-Angriffen betroffen. Auch wenn sich diese Angriffe derzeit auf die Office-IT-Infrastruktur der Einrichtungen konzentrieren, existiert mit medizinischen Systemen und Kommunikationsprotokollen eine weitere wenig beachtete Angriffsoberfl{\"a}che. In diesem Beitrag analysieren wir die weit verbreiteten medizintechnischen Kommunikations-Protokolle DICOM und HL7 sowie Protokoll-Implementierungen auf ihre IT-Sicherheit. Daf{\"u}r pr{\"a}sentieren wir die Ergebnisse der Sicherheitsanalyse der DICOM- und HL7-Standards, einen Fuzzer "MedFUZZ" f{\"u}r diese Protokolle sowie einen Schwachstellenscanner "MedVAS", der Schwachstellen in medizintechnischen Produktivumgebungen auffinden kann.}, language = {de} } @inproceedings{MayerPoddebniakFischeretal.2022, author = {Mayer, Peter and Poddebniak, Damian and Fischer, Konstantin and Brinkmann, Marcus and Somorovsky, Juraj and Schinzel, Sebastian and Volkamer, Melanie}, title = {"I don't know why I check this...'' - Investigating Expert Users' Strategies to Detect Email Signature Spoofing Attacks}, series = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, booktitle = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)}, publisher = {USENIX Association}, address = {Boston, MA}, isbn = {978-1-939133-30-4}, pages = {77 -- 96}, year = {2022}, abstract = {OpenPGP is one of the two major standards for end-to-end email security. Several studies showed that serious usability issues exist with tools implementing this standard. However, a widespread assumption is that expert users can handle these tools and detect signature spoofing attacks. We present a user study investigating expert users' strategies to detect signature spoofing attacks in Thunderbird. We observed 25 expert users while they classified eight emails as either having a legitimate signature or not. Studying expert users explicitly gives us an upper bound of attack detection rates of all users dealing with PGP signatures. 52\% of participants fell for at least one out of four signature spoofing attacks. Overall, participants did not have an established strategy for evaluating email signature legitimacy. We observed our participants apply 23 different types of checks when inspecting signed emails, but only 8 of these checks tended to be useful in identifying the spoofed or invalid signatures. In performing their checks, participants were frequently startled, confused, or annoyed with the user interface, which they found supported them little. All these results paint a clear picture: Even expert users struggle to verify email signatures, usability issues in email security are not limited to novice users, and developers may need proper guidance on implementing email signature GUIs correctly.}, language = {en} }