After a few years of not updating this blog, I finally managed to get the static site generator Blogofile to build a new version of this site. In 2019, my colleague Tobias and I founded our own penetration testing company in St. Gallen and in Berlin called Pentagrid. For a few years now, we provide IT security testing services mainly for Switzerland, Liechtenstein, and Germany.
We publish most of our content regarding IT security such as advisories and pentesting tools over in our blog. Our company is also at Mastodon in the Information security community. If you are not in the Fediverse, but still on Twitter, you may follow Pentagrid's IT security related updates. We are also on Linkedin and Xing.
Am 14. März 2017 veranstaltete das Deutsches Krankenhausinstitut die Konferenz "IT-Sicherheit im Krankenhaus - Aktuelle Gefahren, Anforderungen und Lösungsansätze" in Düsseldorf. Ich war als Referent des Chaos Computer Clubs dort und sprach in meinem 30-Minuten-Slot über Goldstandard-Sicherheitsprobleme und sonstigen Cyber.
I would like to share some insights into “professional” traveling. This post condenses some personal travel experiences and experiences by others, because it is also possible to learn from mistakes and incautiousness of others. The focus is clearly on Europe, because if you travel to farther countries, you may experience more complex issues during your trip. Also, travelling with children is completely different, too. Here is my list of recommendations, but please take everything with a grain of salt as it should not be taken too serious.
Whatever you take as a vehicle to reach your destination, it will be delayed. This is no problem as long as you do not depend on any connecting train or plane. In a few situations, the connecting vehicle will wait to compensate the delay, but in most cases not. Thus, if you booked the last possible train or plane and it gets delayed, you may be braced for an overnight stay at a usually unpleasant location.
As already said, vehicles will be delayed—that should be clear, but usually you don’t know the exact reason for the delay, before. It could be snow and there is a slight chance that you can predict it. But be aware of situations, where the rail or road is blocked by another vehicle. Sometimes, there is a chance that you are able to leave your blocked vehicle and switch to a cab. In order to avoid more hassle than necessary, you should have some money to pay for it.
You know, you can’t put everything in your carry-on baggage. If you possess extraordinary items like—let’s say shampoo—you have to book extra baggage for your flight. But be aware, don’t put everything in your baggage. You should expect that things will fail. An absolutely unsuitable failure is the loss of baggage by the airline, when you want to meet your customer on site the next day with clean clothes. Thus, put some backup clothes in your carry-on baggage. Everything else could be bought at an airport or at a petrol station or is part of your first-aid kit from the lost baggage service. Contrary to a popular book, a towel is not necessary.
Be aware, that most family-operated hotels or hotels outside the big metropolises have no 24/7 reception. Thus, you should always ensure that you are able to get your room, even if you are beyond your original traveling schedule. Call your hotel at latest on the day of arrival and ask if everything is fine. You are already aware that the booking service may have failed, too.
If you live in a big city, you should be aware that opening hours at your destination may have unexpected limits such as 6 p.m. and that buying things may be a problem. If you get surprised, petrol stations are your friend.
If you read Sherlock Holmes carefully, you should know that taking the first hackney, which waits in front of 221B Baker Street is a beginner's mistake. You should also know that this situation has not changed since. Certainly you will not start your trip at Baker Street, but likely at an airport in a foreign city. If there is someone unknown catching you at the airport exit and asking you if you need a cab, just say “no” and choose a cab by yourself.
As a pro, you will have researched taxi fares via the Internet before and you asked the cab driver for a cost estimation at the latest when you are entering the cab.
Things are different once you leave your home zone and you have to deal with unexpected and unrecognized situations. First, bank holidays differ from country to country. Familiarize yourself with the circumstances at your destination. Second, be aware of local strikes you may have not read about them in the trans-regional papers. You may fall back to cabs, but everyone needs one, if there is a public transport strike. Thus, be early.
Check for trade shows as early as possible. If not, you may notice it, once you want to book your hotel at the latest possible moment. A two-star hotel room with shared toilet and bad breakfast may cost 300 Euros in Germany per night and algorithms at your preferred booking platform may boost hotel prices up to 1000 Euros per day.
Instead of paying too much money for a too poor hotel, you may prefer a hotel that is distant from your site of operation and that comes up with surprising levels of quality. Pay less for a much better breakfast and a better hotel room in a beautiful city or district.
If you book your hotel via a travel agency, do not rely on their assessment. In most cases, they usually will not know your requirements, they will not know the on-site circumstances, the weighting factors for your booking decision or what level of quality you will get for a certain amount of money. Research for yourself or a ask people you know.
Be prepared and have a pleasant journey!
Image source: Sidney Paget
As I work for quite some time as a full-time analyst at modzero, a boutique security company, I finally updated this website to reflect this change. I will keep my blog posts here and if there are things I like to document - likely security-related - that will happen here, too.
Welcome to my new blog. I will use this blog for IT security related postings, but it is not limited to. Please do not expect frequent updates.
Over at Pentagrid, we provide pentesting services.