Data Safety and Information Security


641 bookmarks
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over
Magic links, those emailed one-time login links, are annoying and inconvenient for folks who use a password manager, but they radically accept some fundamental truths about signing in for everyone else. By layering passkeys on top of magic links, websites can provide a seamless authentication experience for all users.
·rmondello.com·
What We Wish We Knew About Container Security
What we’ve learned the hard way: Isolation might be the most important primitive in distributed computing that we still haven’t gotten right.
·thenewstack.io·
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report…
·krebsonsecurity.com·
Crowdsourcing SIGINT: Ham Radio At War
I often ask people: What’s the most important thing you need to have a successful fishing trip? I get a lot of different answers about bait, equipment, and boats. Some people tell me beer. Bu…
·hackaday.com·
5 common authentication methods for NHIs | Cerbos
Understand the common authentication methods used for NHIs, each method's architecture, typical use cases, and real-world security posture.
·cerbos.dev·
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…
·krebsonsecurity.com·
Trust Math, Not People
The Dangerous Illusion of Trustless Systems
·notesfromthecircus.com·
DID Authentication | DIDWeb.org
DID Authentication is a protocol that enables the controller of a DID to sign a random message. In other words, it gives proof of ownership of a DID.
·didweb.org·
Advanced Cryptography
Deciding when to use Advanced Cryptography to protect your data
·ncsc.gov.uk·
Establishing First Person Digital Trust
Key signing parties attempted to establish decentralized trust, but they ultimately failed due to poor usability, lack of incentives, and shallow trust models. Verifiable Relationship Credentials (VRCs) provide a modern, peer-to-peer approach that enables actionable, contextual trust built on decentralized identifiers and secure messaging. First-person identity emerges from direct connections that form relationships, mutual authentication, and portable, verifiable trust.
·windley.com·
First Person Identity
Listening to Drummond Reed at VRM Day, I was struck by how “first person”—a term that resonates more intuitively than “self-sovereign”—captures the essence of empowering individuals to build digital relationships rooted in personal agency, without intermediaries.
·windley.com·
Zero Trust, Least Privilege, and Just-in-Time Access
When dynamic access control with JIT access is thoughtfully implemented, you shift the burden of security from employees to systems that automate protection, making it proactive and intelligent.
·windley.com·
Internet Identity Workshop XL Report
IIW XL brought together over 300 participants from 27 countries, highlighting the growing global momentum behind decentralized identity, digital wallets, and agent-based architectures.
·windley.com·
Regulating AI Behavior with a Hypervisor - Schneier on Security
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract: As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity. Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs. For example, a rogue AI may try to introspect upon hypervisor software or the underlying hardware substrate to enable later subversion of that control plane; thus, a Guillotine hypervisor requires careful co-design of the hypervisor software and the CPUs, RAM, NIC, and storage devices that support the hypervisor software, to thwart side channel leakage and more generally eliminate mechanisms for AI to exploit reflection-based vulnerabilities. Beyond such isolation at the software, network, and microarchitectural layers, a Guillotine hypervisor must also provide physical fail-safes more commonly associated with nuclear power plants, avionic platforms, and other types of mission critical systems. Physical fail-safes, e.g., involving electromechanical disconnection of network cables, or the flooding of a datacenter which holds a rogue AI, provide defense in depth if software, network, and microarchitectural isolation is compromised and a rogue AI must be temporarily shut down or permanently destroyed. ...
·schneier.com·
Seriously, stop using RSA
Here at Trail of Bits we review a lot of code. From major open source projects to exciting new proprietary software, we’ve seen it all. But one common denominator in all of these systems is that for some inexplicable reason people still seem to think RSA is a good cryptosystem to use. Let me save […]
·blog.trailofbits.com·