Tools of Tradecraft: The CIA's Historic Spy Kit
Password manager using age for encryption
Quickly discover and collect indicators of compromise from millions of sources
Leo recognizes IoCs mentioned in articles, and can gather them for you
Smuggling hidden backdoors into JavaScript with homoglyphs and invisible Unicode characters
Researchers urge developers to secure code by disallowing non-ASCII characters
Securing your digital life, part two: The bigger picture—and special circumstances
We did the basics—now let's look at some more detailed steps to protect yourself.
Securing your digital life, part one: The basics
In this first of two parts, we go over some security steps everyone should be taking.
Fides Open Source
Data privacy software for businesses. Fides is a suite of open-source devtools and data tools for developers and privacy teams.
Get a Handle on Software Supply Chain Security with LFX - The New Stack
The Linux Foundation has introduced LFX Security, a new tool to help secure software supply chains. It scans for vulnerabilities using Synk's open source security platform and looks for secrets-in-code and non-inclusive language using BluBracket's automatic scanning functionality.
The Booming Underground Market for Bots That Steal Your 2FA Codes
The bots convincingly and effortlessly help hackers break into Coinbase, Amazon, PayPal, and bank accounts.
Signatures: The secret behind modern end-to-end encryption
Now that most of our communications are digital, a problem arises: How to keep our messages private despite all the intermediaries? Internet Service Providers (ISPs) and Service providers (Facebook, Telegram, Line, WeChat…) are all in a position of Man-In-The-Middle (MITM) and are able to inspect, record, and even modify our communications without our consent or knowledge.
And this is before talking about malicious actors.
ISP - service provide (ex: Chat) - ISP - Bob -- You may think that you have nothing to hide, so it doesn’t matter.
Imperceptible Perturbations
EBCDIC is incompatible with GDPR
Welcome to acronym city! The Court of Appeal of Brussels has made an interesting ruling. A customer complained that their bank was spelling the customer’s name incorrectly. The bank didn̵…
Sequoia-PGP
Sequoia is a modular OpenPGP implementation in Rust.
Top 16 open source intelligence tools (OSINT) to find anyone online
What are the top 16 open source intelligence tools (OSINT) ever made? find anyone online and offline with these tools, hints and tips.
Which browsers are best for privacy?
An open-source privacy audit of popular web browsers.
ThreatMapper: Open source platform for scanning runtime environments - Help Net Security
ThreatMapper is an open source platform for scanning runtime environments for supply chain vulnerabilities and contextualizing threats.
Container security best practices: Ultimate guide - Sysdig
Container security best practices include the full component stack used for building, distributing, and specifically executing the container.
Google distributing 10,000 security keys to journalists, elected officials, human rights activists
Global initiative ‘will definitely prevent some cyber-attacks’, says expert
NFTs, Verifiable Credential, and Picos
The hype over NFTs and collectibles is blinding us to their true usefulness as trustworthy persistent data objects. How do they sit in the landscape with verifiable credentials and picos?
Delivering 10,000 security keys to high risk users
Google’s Advanced Protection Program (APP) improves account security for highly visible at-risk groups, such as elected officials, political campaigns, human rights activists and journalists.
4 Container Orchestration Security Concerns
If you’re looking to use container-based applications, you may want to keep in mind the security risks that come with this technology.
The Rise of One-Time Password Interception Bots – Krebs on Security
6 Kubernetes Security Best Practices - The New Stack
Regardless of where you deploy, this post will help you get a clearer understanding of your role and your options for securing Kubernetes.
Is Network Security Relevant in the Cloud? - The New Stack
network security has to become cloud native.
Cyber security in the public cloud
A brief guide to the network, infrastructure, data, and application security capabilities AWS, Microsoft Azure, and Google Cloud provide to prevent cyber attacks and protect your cloud-based resources and workloads.
How to verify checksum on Mac
Verifying SHA-512, SHA-256, SHA-1 and MD5 checksum on Mac using Terminal
RSA sign and verify using Openssl : Behind the scene
IPython notebook version of this page: openssl_sign_verify
Verification for computer networking: Is it possible?
What tools are available? What are the benefits? Let's find out
Gift cards, serial numbers and hard technology
I bought someone a digital gift card the other day. That’s generally a bad idea, since there’s so much waste and breakage, but it was the right answer to the problem in the moment. The …
How Do Authentication and Authorization Differ? - The New Stack
While related, authentication and authorization are two different concepts that need to be separate steps in an access policy and may well be managed by different teams using different tools.