Data Safety and Information Security

Data Safety and Information Security

749 bookmarks
Custom sorting
Kobold letters – Lutra Security
Kobold letters – Lutra Security
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.
·lutrasecurity.com·
Kobold letters – Lutra Security
This Week In Security: XZ, ATT, And Letters Of Marque
This Week In Security: XZ, ATT, And Letters Of Marque
The xz backdoor is naturally still the top story of the week. If you need a refresher, see our previous coverage. As expected, some very talented reverse engineers have gone to work on the code, an…
·hackaday.com·
This Week In Security: XZ, ATT, And Letters Of Marque
Content Security Policy (CSP) - HTTP | MDN
Content Security Policy (CSP) - HTTP | MDN
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
·developer.mozilla.org·
Content Security Policy (CSP) - HTTP | MDN
How to spot and avoid Facebook 'Like' scams
How to spot and avoid Facebook 'Like' scams
When you click or press the Like button, you may be disclosing more about yourself than you imagine. You may also be contributing to the bank accounts of Internet scammers.
·cnet.com·
How to spot and avoid Facebook 'Like' scams
Securing the Web PKI
Securing the Web PKI
CITP is releasing a report today based on a two day in-person workshop on the security of the Web Public Key Infrastructure (Web PKI) we held last year.
·freedom-to-tinker.com·
Securing the Web PKI
foaf+ssl: creating a web of trust without key signing parties
foaf+ssl: creating a web of trust without key signing parties
The concept of a Web of Trust is most closely associated with Phil Zimmerman and PGP. The basic idea is that by signing each other's keys, usually at things like key signing parties, people could grow the network of keys they trusted to sign or encrypt documents such as email, sign legal documents, etc... The distributed system of trust feels right, but the idea never really took off, even though the keysigning parties must have been fun, probably because they still required physical presence. In foaf+ssl we are also using a Web of Trust mechanism, but as I will show here, this does not require key signing, and furthermore it uses PKI to do this (some may say it subverts PKI to do this). It should therefore be able to grow much faster, and hopefully give us the same benefits.
·web.archive.org·
foaf+ssl: creating a web of trust without key signing parties
Product Security Plans: What They Are and Why They Matter
Product Security Plans: What They Are and Why They Matter
Product security plans and automating security with security as code offer a new — and better — approach to achieving app and cloud security goals.
·thenewstack.io·
Product Security Plans: What They Are and Why They Matter
User Beware: The Fine Line Between Content And Code
User Beware: The Fine Line Between Content And Code
Everyone loves themes. Doesn’t matter if it’s a text editor or a smart display in the kitchen, we want to be able to easily customize its look and feel to our liking. When setting up a …
·hackaday.com·
User Beware: The Fine Line Between Content And Code
HTTP Sig Demo
HTTP Sig Demo
How to secure BigData or microservices efficiently on the Web
·medium.com·
HTTP Sig Demo
Keyoxide
Keyoxide
Modern and secure platform to manage a decentralized identity based on cryptographic keys
·keyoxide.org·
Keyoxide
Blog: Google's Threat model for Post-Quantum Cryptography
Blog: Google's Threat model for Post-Quantum Cryptography
Read on to understand how Google currently evaluates the threat landscape related to post-quantum cryptography, and what implications this has for migrating from classical cryptographic algorithms to PQC.
·bughunters.google.com·
Blog: Google's Threat model for Post-Quantum Cryptography
3 Steps to Make Logins with Passkeys Reliable
3 Steps to Make Logins with Passkeys Reliable
When I first used passkeys, I felt they had too many issues to be used in production, but I’ve changed my mind. I recommend these steps for using them.
·thenewstack.io·
3 Steps to Make Logins with Passkeys Reliable
Musings on Auth: How do we authenticate?
Musings on Auth: How do we authenticate?
Authentication is central to securing applications and enabling personalised websites. This post discusses the different forms of authentication used in software.
·nicholashairs.com·
Musings on Auth: How do we authenticate?
🔐 The Best Memorable Password Generator ever!
🔐 The Best Memorable Password Generator ever!
The Best Memorable Password Generator ever that is completely free. Easily create secure, unique and strong passwords in no time.
·memorablepasswordgenerator.com·
🔐 The Best Memorable Password Generator ever!