Data Safety and Information Security

Encryption At Rest: Whose Threat Model Is It Anyway?
Head’s up: This is a blog post about applied cryptography, with a focus on web and cloud applications that encrypt data at rest in a database or filesystem. While the lessons can be broadly a…
·scottarc.blog·
Decentralized Identity Comes of Age
In session after session, attendees at EIC are hearing the message that decentralized identity is the answer to their identity problems.
·windley.com·
Let’s Stop the Security Shaming
When I started this blog over a decade ago, my understanding of postmodernism arose from my college studies of art history and aesthetics. Like Camille Paglia, I was not a fan of the movement or th…
·postmodernsecurity.com·
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers…
·krebsonsecurity.com·
‘Operation Endgame’ Hits Malware Delivery Platforms
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort…
·krebsonsecurity.com·
Is Your Computer Part of ‘The Largest Botnet Ever?’
The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called "likely the world's largest botnet ever." The arrest…
·krebsonsecurity.com·
Mysterious Hack Destroyed 600,000 Internet Routers
Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more.
·wired.com·
Demystifying Zero Knowledge Proofs: A Comprehensive Guide
Unlock the Power of Zero Knowledge Proofs with our Comprehensive Guide. Learn How to Implement and Utilize this Cutting-Edge Technology Today
·blockgeeks.com·
Don’t Trust When You Can Verify: A Primer on Zero-Knowledge Proofs
Zero-knowledge proofs (ZKPs) have emerged as a pivotal cryptographic innovation representing a paradigm shift replacing the need to trust with the ability to verify. This comprehensive exploration will shed light on how ZKPs are reshaping privacy and security paradigms across various sectors. By the end of this article, policymakers will have gained a nuanced understanding of ZKPs' potential to improve security while maintaining privacy across a wide range of use cases and why they are indispensable in today’s digital ecosystem.
·wilsoncenter.org·
Passwords and their Discontents
Passwords are a poor solution for authenticating users–but none of the alternatives are very good, either. So, what do I use?
·oreilly.com·
JWTs Aren’t Made for Authorization | Permit
Learn how to use JWT for authorization, understand the basics of what JWT is, and explore examples of proper JWT usage in authentication and authorization.
·permit.io·
Cyber Security: A Pre-War Reality Check - Bert Hubert's writings
This is a lightly edited transcript of my presentation today at the ACCSS/NCSC/Surf seminar ‘Cyber Security and Society’. I want to thank the organizers for inviting me to their conference & giving me a great opportunity to talk about something I worry about a lot. Here are the original slides with notes, which may be useful to view together with the text below. In the notes there are also additional URLs that back up the claims I make in what follows.
·berthub.eu·
Taking a 'Machine-First' Approach to Identity Management
Uncovering what each identity is accessing and why, startup Token Security provides essential data to understand microservices vulnerabilities.
·thenewstack.io·
Praying for passkeys to get better
William writing at Firstyear's blog-a-log: Passkeys: A Shattered Dream Passkeys are now seen as a way to capture users and audiences into a platform. What better way to encourage long term entrapment of users than by locking all their credentials into your platform, and even better, credentials that can't be
·birchtree.me·
The Evolution of Trust
an interactive guide to the game theory of why & how we trust each other
·ncase.me·
Embedded LUKS (E-LUKS): A Hardware Solution to IoT Security
The Internet of Things (IoT) security is one of the most important issues developers have to face. Data tampering must be prevented in IoT devices and some or all of the confidentiality, integrity, and authenticity of sensible data files must be assured in most practical IoT applications, especially when data are stored in removable devices such as microSD cards, which is very common. Software solutions are usually applied, but their effectiveness is limited due to the reduced resources available in IoT systems. This paper introduces a hardware-based security framework for IoT devices (Embedded LUKS) similar to the Linux Unified Key Setup (LUKS) solution used in Linux systems to encrypt data partitions. Embedded LUKS (E-LUKS) extends the LUKS capabilities by adding integrity and authentication methods, in addition to the confidentiality already provided by LUKS. E-LUKS uses state-of-the-art encryption and hash algorithms such as PRESENT and SPONGENT. Both are recognized as adequate solutions for IoT devices being PRESENT incorporated in the ISO/IEC 29192-2:2019 for lightweight block ciphers. E-LUKS has been implemented in modern XC7Z020 FPGA chips, resulting in a smaller hardware footprint compared to previous LUKS hardware implementations, a footprint of about a 10% of these LUKS implementations, making E-LUKS a great alternative to provide Full Disk Encryption (FDE) alongside authentication to a wide range of IoT devices.
·mdpi.com·