Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.
This Week In Security: XZ, ATT, And Letters Of Marque
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks,
including Cross-Site Scripting (XSS) and data injection attacks.
These attacks are used for everything from data theft, to site defacement, to malware distribution.
When you click or press the Like button, you may be disclosing more about yourself than you imagine. You may also be contributing to the bank accounts of Internet scammers.
CITP is releasing a report today based on a two day in-person workshop on the security of the Web Public Key Infrastructure (Web PKI) we held last year.
foaf+ssl: creating a web of trust without key signing parties
The concept of a Web of Trust is most closely associated with Phil Zimmerman and PGP. The basic idea is that by signing each other's keys, usually at things like key signing parties, people could grow the network of keys they trusted to sign or encrypt documents such as email, sign legal documents, etc... The distributed system of trust feels right, but the idea never really took off, even though the keysigning parties must have been fun, probably because they still required physical presence. In foaf+ssl we are also using a Web of Trust mechanism, but as I will show here, this does not require key signing, and furthermore it uses PKI to do this (some may say it subverts PKI to do this). It should therefore be able to grow much faster, and hopefully give us the same benefits.
User Beware: The Fine Line Between Content And Code
Everyone loves themes. Doesn’t matter if it’s a text editor or a smart display in the kitchen, we want to be able to easily customize its look and feel to our liking. When setting up a …
A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you.
Blog: Google's Threat model for Post-Quantum Cryptography
Read on to understand how Google currently evaluates the threat landscape related to post-quantum cryptography, and what implications this has for migrating from classical cryptographic algorithms to PQC.
When I first used passkeys, I felt they had too many issues to be used in production, but I’ve changed my mind. I recommend these steps for using them.
Authentication is central to securing applications and enabling personalised websites. This post discusses the different forms of authentication used in software.
Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire
Police believe a string of nine robberies in Edina have used this tech.