Authenticate with OpenID Connect and Apache APISIX
Lots of companies are eager to provide their identity provider: Twitter, Facebook, Google, etc. For smaller businesses, not having to manage identities is a benefit. However, we want to avoid being locked into one provider. In this post, I want to demo how to use OpenID Connect using Google underneath and then switch to Azure. OpenID Connect The idea of an open authorization standard started with OAuth around 2006. Because of a security issue, OAuth 2.0 superseded the initial version. OAuth 2
Highlights from the New U.S. Cybersecurity Strategy
The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity…
Serious Security: How to store your users’ passwords safely
Following our popular article explaining what Adobe did wrong with its users’ passwords, a number of readers asked us, “Why not publish an article showing the rest of us how to do it ri…
I try to explain how attackers would guess your password, should they get their hands on your encrypted data. There are some thoughts on the strength of real-world passwords and suggestions for your new password.
The Cyber Defense Assistance Imperative – Lessons from Ukraine
Leaders will draw lessons from Ukraine for years, but one is already clear: delivering cyber defense assistance must be a key national security capability.
Zerobot Weaponizes Numerous Flaws in Slew of IoT Devices
The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.
glibc 2.3.4 introduced _FORTIFY_SOURCE in 2004 to catch security errors due to misuse of some C library functions. The initially supported functions were fprintf, gets, memcpy, memmove, mempcpy, memset
D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired…
Transacting in Person with Strangers from the Internet
Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don't deserve to end up in…
Denial of Wallet Attacks: The new (D)DoS in a Serverless world
Denial of Service (DoS) attacks have always been the easiest way to inflict maximum financial damage without requiring advanced skills or techniques. With the advent of cloud computing, website owners can now deploy more resources than the attackers and gracefully handle these primitive attacks. It led to the development of
SBOMs Are Great for Supply Chain Security but Buyers Beware
While software bills of materials (SBOMs) have emerged as a potential way for organizations to begin to secure their supply chains, they are not a panacea. However, complementing SBOMs with Supply-chain Levels for Software Artifacts (SLSA) shows great promise. SLSA provides a framework and roadmap so that the industry can start implementing SBOMs and other good security practices for securing the software supply chain.
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by…