W3C Workshop on the Future of Social Networking
Data Safety and Information Security
foaf+ssl: adding security to open distributed social networks
For the "W3C Workshop on the Future of Social Networking", taking place in Barcelona January 2009
foaf+ssl: creating a web of trust without key signing parties
The concept of a Web of Trust is most closely associated with Phil Zimmermann and PGP. The basic idea is that by signing each other's keys, usually at things like key signing parties, people could grow the network of keys they trusted to sign or encrypt documents such as email, sign legal documents, etc. The distributed system of trust feels right, but the idea never really took off, even though the key signing parties must have been fun, probably because they still required physical presence. In foaf+ssl we are also using a Web of Trust mechanism, but as I will show here, this does not require key signing, and furthermore it uses PKI to do this (some may say it subverts PKI to do this). It should therefore be able to grow much faster, and hopefully give us the same benefits.
Product Security Plans: What They Are and Why They Matter
Product security plans and automating security with security as code offer a new — and better — approach to achieving app and cloud security goals.
User Beware: The Fine Line Between Content And Code
Everyone loves themes. Doesn’t matter if it’s a text editor or a smart display in the kitchen, we want to be able to easily customize its look and feel to our liking. When setting up a …
HTTP Sig Demo
How to secure BigData or microservices efficiently on the Web
A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you.
Using Mozilla/SOPS for secret management
Learn how to encrypt your secrets with Mozilla/SOPS
Keyoxide
Modern and secure platform to manage a decentralized identity based on cryptographic keys
Insult and passphrase generator
Blog: Google's Threat model for Post-Quantum Cryptography
Read on to understand how Google currently evaluates the threat landscape related to post-quantum cryptography, and what implications this has for migrating from classical cryptographic algorithms to PQC.
3 Steps to Make Logins with Passkeys Reliable
When I first used passkeys, I felt they had too many issues to be used in production, but I’ve changed my mind. I recommend these steps for using them.
Vendoring: Why You Still Have Overlooked Security Holes
A cautionary FOSDEM talk from the Nix community about all the vulnerable software that may still be overlooked on your systems.
Musings on Auth: How do we authenticate?
Authentication is central to securing applications and enabling personalised websites. This post discusses the different forms of authentication used in software.
Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire
Police believe a string of nine robberies in Edina have used this tech.
A Beginner-Friendly Illustrated Guide to Verifiable Credentials
This blog post uses storytelling to introduce beginners to Verifiable Credentials, followed by a...
🔐 The Best Memorable Password Generator ever!
The Best Memorable Password Generator ever that is completely free. Easily create secure, unique and strong passwords in no time.
Transforming Identity and Access Management with Event Sourcing
How ZITADEL, an open source identity and access management solution, implements event sourcing right from the start.
Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks
A tool intended for security, SSH-Snake, now aids attackers in exploiting networks. Discover the depths of its reach and how to safeguard your infrast
Row Level Security | Tutorials | Crunchy Data
Learn how to use Postgres’ Row Level Security functionality. It’s a great tool for managing key-based partitioning in a multi-tenant world.
What are Verifiable Credentials and Why You Should Care About Them
Verifiable Credentials can be stored on digital devices, and you can use cryptography to verify their data and authorship. Let's learn mo...
Techstrong Research: Combatting CI/CD Security Anti-Patterns - DevOps.com
Techstrong Research finds the imperative to secure the software supply chain and CI/CD pipelines is undeniable and urgent.
How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.
The "KeyTrap" DNS vulnerability
DNS resolvers (those that handle DNSSEC, at least) are almost uniformly vulnerable to an exploit that has been named "KeyTrap". In short, the right type of packet can send a DNS system into something close to an infinite loop, taking it out of service indefinitely.
Malware Activity in Hosting Networks (ASNs) October 1, 2023 - December 31, 2023 — Cybercrime Information Center
What is Bot Detection? | How to Detect & Block Bad Bots
Bot detection is the process of distinguishing between bot and human activity, as well as between malicious and legitimate bots.
Bot Detection – Learn How to Detect Malicious Bots in 2024
Want to improve your bot detection? Learn how to detect & prevent sophisticated bots with powerful & easy-to-implement bot detector methods.
How are WLAN Infrastructures in Enterprises Secured?
Learn about the scalability challenges of Pre-shared (PSK) configurations in the enterprise, as well as how 802.1X addresses and resolves them elegantly.
Zero Trust with Zero Data
The physical world is full of zero trust examples, but they gather attributes for the access control decisions in a very different way than we're used to online.
Zero Trust made simple
Rest assured, adopting a Zero Trust strategy need not be overwhelming or complicated —we encourage gradual implementation and highlight the potential for steady progress and strengthened resilience within any organization. Get started on your Zero Trust journey today.