Data Safety and Information Security

Data Safety and Information Security

749 bookmarks
Custom sorting
*Privacy Not Included: A Buyer’s Guide for Connected Products
*Privacy Not Included: A Buyer’s Guide for Connected Products
All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed
·foundation.mozilla.org·
*Privacy Not Included: A Buyer’s Guide for Connected Products
SBOMs, SBOMs Everywhere
SBOMs, SBOMs Everywhere
Security organizations like OWASP and the OpenSSF are working to make tooling more accessible and dev-friendly to drive adoption and wider usage.
·thenewstack.io·
SBOMs, SBOMs Everywhere
Why PayPal's global Passkey Rollout makes sense: September 2023 Update & Insights into Passkey-Readiness
Why PayPal's global Passkey Rollout makes sense: September 2023 Update & Insights into Passkey-Readiness
This article is about the analysis of passkey-readiness and how things have changed from 2022 to 2023. Detailed real-life data that has been gathered over the past 12 months is analyzed. Findings regarding the type of passkeys (synced vs. non-synced), specific operating system and browser combinations are discussed, as well as three sample projects.
·corbado.com·
Why PayPal's global Passkey Rollout makes sense: September 2023 Update & Insights into Passkey-Readiness
Introducing Proof-of-Work Defense for Onion Services | Tor Project
Introducing Proof-of-Work Defense for Onion Services | Tor Project
Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.
·blog.torproject.org·
Introducing Proof-of-Work Defense for Onion Services | Tor Project
AI generated porn: A dark side of AI -
AI generated porn: A dark side of AI -
AI generated porn is one of the worst sides of the technological advancements. Just like every coin has two sides, just like everything has good as well as
·unravelfuture.com·
AI generated porn: A dark side of AI -
Why is .US Being Used to Phish So Many of Us?
Why is .US Being Used to Phish So Many of Us?
Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the…
·krebsonsecurity.com·
Why is .US Being Used to Phish So Many of Us?
What is Relationship-Based Access Control (ReBAC)? | Permit
What is Relationship-Based Access Control (ReBAC)? | Permit
What is Relationship Based Access Control, when should it be used, how can you implement it in your application, and how can you provide a UI for managing it?
·permit.io·
What is Relationship-Based Access Control (ReBAC)? | Permit
We're Living in a Passwordless World
We're Living in a Passwordless World
From passwords to passwordless — learn about how to elevate your authentication security.
·developer.okta.com·
We're Living in a Passwordless World
What Are You Securing? - DevOps.com
What Are You Securing? - DevOps.com
In the case of information security, we need to ask, “What, exactly, are we trying to protect?” Don MacVittie explains.
·devops.com·
What Are You Securing? - DevOps.com
Invisible QR codes embed object data into infrared tags
Invisible QR codes embed object data into infrared tags
Barcodes and QR codes feel like they’re everywhere nowadays, but they don’t have to be. Scientists at MIT have developed an invisible tagging system called BrightMarker, which embeds fluorescent tags into objects that can be viewed and tracked through an infrared camera.
·newatlas.com·
Invisible QR codes embed object data into infrared tags
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.
In large metropolitan areas, tourists are often easy to spot because they're far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions…
·krebsonsecurity.com·
Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.
Hardening repositories against credential theft
Hardening repositories against credential theft
Some best practices and important defenses to prevent common attacks against GitHub Actions that are enabled by stolen personal access tokens, compromised accounts, or compromised GitHub sessions.
·github.blog·
Hardening repositories against credential theft
AI decodes Darknet slang | Deeplab.com
AI decodes Darknet slang | Deeplab.com
Scientists successfully taught advanced neural network sophisticated Darknet slang recognition capabilities
·deeplab.com·
AI decodes Darknet slang | Deeplab.com
Teach a Man to Phish and He’s Set for Life
Teach a Man to Phish and He’s Set for Life
One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects…
·krebsonsecurity.com·
Teach a Man to Phish and He’s Set for Life
Who and What is Behind the Malware Proxy Service SocksEscort?
Who and What is Behind the Malware Proxy Service SocksEscort?
Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service…
·krebsonsecurity.com·
Who and What is Behind the Malware Proxy Service SocksEscort?
FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
We’re in an exciting time for users who want to take back control from major platforms like Twitter and Facebook. However, this new environment comes with challenges and risks for user privacy, so we need to get it right and make sure networks like the Fediverse and Bluesky are mindful of past...
·eff.org·
FBI Seizure of Mastodon Server is a Wakeup Call to Fediverse Users and Hosts to Protect their Users
A Modern Approach to Securing APIs
A Modern Approach to Securing APIs
Developers and security teams should work together toward a scalable, flexible, multilayered approach for any type of workload in any environment.
·thenewstack.io·
A Modern Approach to Securing APIs
RFC 9446: Reflections on Ten Years Past the Snowden Revelations
RFC 9446: Reflections on Ten Years Past the Snowden Revelations
This memo contains the thoughts and recountings of events that transpired during and after the release of information about the United States National Security Agency (NSA) by Edward Snowden in 2013. There are four perspectives: that of someone who was involved with sifting through the information to responsibly inform the public, that of a security area director of the IETF, that of a human rights expert, and that of a computer science and affiliate law professor. The purpose of this memo is to provide some historical perspective, while at the same time offering a view as to what security and privacy challenges the technical community should consider. These essays do not represent a consensus view, but that of the individual authors.
·rfc-editor.org·
RFC 9446: Reflections on Ten Years Past the Snowden Revelations