Data Safety and Information Security

Demonstration of the WebAuthn specification.

Hello passkeys, goodbye passwords! passkeys.dev is a collection of resources and insights to help you deploy passkeys, including practical user experiences, device ecosystem support, frequently asked questions, and more.

Microsoft, Mozilla, and Google are all implementing the new standard.

This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over components of an HTTP message. This mechanism supports use cases where the full HTTP message may not be known to the signer and where the message may be transformed (e.g., by intermediaries) before reaching the verifier. This document also describes a means for requesting that a signature be applied to a subsequent HTTP message in an ongoing HTTP exchange.

Disclaimer: Thoughts expressed here are my own, and not of my employers.

You can try the new system out right now.

This tech tests your browser to see if you’re a bot.

The internet infrastructure company has an alternative tool to check whether you’re human—and it doesn’t force you to pick out buses in tiny boxes.

Private Access Tokens are powerful tools that prove when HTTP requests are coming from legitimate devices without disclosing someone's identity. They are simple to set up and test — and so, on Thursday, we're inviting you to try out Private Access Tokens on your own server.

Update 2014-01-17 I'm updating this post to include a slightly revised version of the Pyramid.  The only real change I made was that I adde...

Utilize JA3 with JA3S as a method to fingerprint the TLS negotiation between client and server

What are browser fingerprints? How accurate are they at tracking us? Do they work on smartphones at all?

A Winnipeg man says a little-known program allowed his credit card company to share his credit card number with a merchant before he even had the card himself.

Try Appdome's Unified Mobile App Defense platform, continuous mobile app security, anti-fraud, anti-malware, anti-bot, geo compliance, more in Android & iOS apps in CI/CD.

This blog post introduces an analysis of Digital Identities and their various architectural models. The paper focuses on the impact of identities on the Web and users, particularly on privacy, security, and human rights, the role that Web standardization may play in managing that impact and how collaboration among various stakeholders can mitigate these threats.

An app for scaring away malware

Your work laptop should be for work only, experts warn

Decoupling the authorization module can bring about a host of benefits. But what are the complexities of this approach? And how can they be addressed? In this guide, you can familiarize yourself with the important technical aspects of decoupling authorization.

A guide to the most common access control terms. Learn how to integrate MAC and DAC and RBAC, and how the rise of FGA can help your application access control.

The volume of critical coverage of China's proposed digital ID system in Western media stands in stark contrast to the near-total absence of coverage, critical or otherwise, of digital ID systems being developed by Western governments.

Neatnik Notes

Internet users leave many traces on websites and online services. Measures such as firewalls, VPN connections and browser privacy modes are in place to ensure a certain level of data protection. However, a newly discovered security loophole allows bypassing all of these protective measures.

Our latest research has found that clickable links on websites can often be redirected to malicious destinations. We call these "hijackable hyperlinks" and have found them by the millions across the whole of the web, including on trusted websites.

Protect your photos and videos with Ente - a secure, cross-platform, open source, encrypted photo storage app. Automatic backups, end-to-end encryption, collaborative albums, family plans, free trial, library-sync, 1-click import, human support, locked photos, live photos, descriptions, private sharing, search and more.

Learn the differences between Mandatory Access Control (MAC) and Discretionary Access Control (DAC) and how to leverage both for application authorization.

Tomas Gutierrez L. personal website (0x00)

[Lesley Carhart, Public Universal Cyber-Pal]

Let's generate a secure, totally in-browser XKCD password.