Data Safety and Information Security

A non-security person's take on using CSPs in the real world.

I hope this post can help reduce confusion around exactly how Sigstore’s trust model works, and how trust flows from the community root…

The modern internet is full of services that want to know who you are. Fingerprinting is the latest way to do this: capturing many small…

Trust and integrity are critical to the internet of things. If a business or consumers can’t trust the data, the IoT fails.

What is the difference between permissions, privileges, and scopes in the authorization context? Let's find out together.

In engineering, a common approach to security concerns is to address those requirements after delivery. This is inefficient for the following reasons: Fails to consider how the requirement(s) can b…

Digital memories are an important component of our digital embodiment. SSI provides a foundation for self-sovereign digital memories to solve the digital-analog memory divide.

Boffins measure the black hole of dubious certs and find it troubling

Photuris: Session-Key Management Protocol (RFC )

What is the trusting trust problem? Schneier on Security, Countering "Trusting Trust" Way back in 1974, Paul Karger and Roger Schell discovered a devastating attack against computer systems. Ken Thompson described it in his classic 1984 speech, “Ref...

When first integrating your apps with an IAM system, there is a learning curve to identify and meet the important requirements.

Zero-knowledge proofs are a powerful cryptographic technique at the heart of self-sovereign identity (SSI). This post should help you understand what they are and how they can be used.

In the early 1950s, a prominent magician wrote a top-secret manual of "trickery and deception" for the C.I.A.

Learn spy terms, phrases, and code words with the International Spy Museum. Put in the work here and you’ll be using spy lingo in no time.

Tradecraft: The CIA, KGB, Mossad and More

Leo recognizes IoCs mentioned in articles, and can gather them for you

Researchers urge developers to secure code by disallowing non-ASCII characters

We did the basics—now let's look at some more detailed steps to protect yourself.

In this first of two parts, we go over some security steps everyone should be taking.

Data privacy software for businesses. Fides is a suite of open-source devtools and data tools for developers and privacy teams.

The Linux Foundation has introduced LFX Security, a new tool to help secure software supply chains. It scans for vulnerabilities using Synk's open source security platform and looks for secrets-in-code and non-inclusive language using BluBracket's automatic scanning functionality.

The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts.

Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries? Internet Service Providers (ISPs) and Service providers (Facebook, Telegram, Line, WeChat…) are all in a position of Man-In-The-Middle (MITM) and are able to inspect, record, and even modify our communications without our consent or knowledge. And this is before talking about malicious actors. ISP - service provide (ex: Chat) - ISP - Bob -- You may think that you have nothing to hide, so it doesn’t matter.