Data Safety and Information Security

Data Safety and Information Security

746 bookmarks
Custom sorting
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Today’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and make judgments accordingly. Arriving at any conclusion is an exercise in threat modeling. In security, threat modeling is the process of determining what security measures make sense in your particular situation. It’s a way to think about potential risks, possible defenses, and the costs of both. It’s how experts avoid being distracted by irrelevant risks or overburdened by undue costs...
·schneier.com·
Digital Threat Modeling Under Authoritarianism - Schneier on Security
Early Access to Dynamic Authorization
Early Access to Dynamic Authorization
The first six chapters of my new book, Dynamic Authorization: Adaptive Access Control, are now available in Manning’s Early Access Program. The book explores why authorization is still misunderstood, and how new tools like Cedar enable secure, flexible systems that also improve employee and customer experience.
·windley.com·
Early Access to Dynamic Authorization
The DNSSEC Illusion: 16 TLDs revealed the hidden fragility in DNSSEC ops
The DNSSEC Illusion: 16 TLDs revealed the hidden fragility in DNSSEC ops
For years, a European TLD ran their DNSSEC toolchain without incident. Everything “just worked.” Updates were rare, and no one touched the setup. Then their only DNSSEC expert left. What looked like stability turned out to be fragility. The system wasn’t resilient — it was dependent on one person’s
·blog.nlnetlabs.nl·
The DNSSEC Illusion: 16 TLDs revealed the hidden fragility in DNSSEC ops
Privacy Is Like Broccoli
Privacy Is Like Broccoli
Improving privacy can get overwhelming at first. It's important to move one step at a time, but remain persistent. Good privacy is like good health habits.
·privacyguides.org·
Privacy Is Like Broccoli
It's Time to Evolve Authentication Security
It's Time to Evolve Authentication Security
Keep applications secure with strong authentication security. Apply actionable steps and learn key takeaways to securing and building apps that elevate identity assurances.
·developer.okta.com·
It's Time to Evolve Authentication Security
Ambient age verification
Ambient age verification
Newgrounds, a gaming forum, has some clever ways for non-intrusively complying with the shambling disaster that is the "UK Online Safety Act". For years, I've been doing something similar to this when generating internal reports on DNA Lounge demographics: e.g., if someone bought a ticket for an 18+ event 5 years ago, they must be at least 23 years old now. Newgrounds: Here is our current ...
·jwz.org·
Ambient age verification
Whimsical elliptic curves in Zcash zero knowledge proofs
Whimsical elliptic curves in Zcash zero knowledge proofs
Several elliptic curves which Zcash uses in zero knowledge proofs are named after characters from Lewis Carroll: Jubjub, Bandersnatch, Tweddledee, Tweedledum
·johndcook.com·
Whimsical elliptic curves in Zcash zero knowledge proofs
Identity and behaviour
Identity and behaviour
In Object Oriented programming, identity and behaviour are often conflated. But it can be usefuk to think of them as different concepts.
·ismaelcelis.com·
Identity and behaviour
Encrypting Files with Passkeys and age
Encrypting Files with Passkeys and age
Encrypting files with passkeys, using the WebAuthn prf extension and the TypeScript age implementation.
·words.filippo.io·
Encrypting Files with Passkeys and age
Zero Knowledge Proofs Alone Are Not a Digital ID Solution to
Zero Knowledge Proofs Alone Are Not a Digital ID Solution to
In the past few years, governments across the world have rolled out digital identification options, and now there are efforts encouraging online companies to implement identity and age verification
·eff.org·
Zero Knowledge Proofs Alone Are Not a Digital ID Solution to
The “Bubble” of Risk: Improving Assessments for Offensive Cybersecurity Agents - CITP Blog
The “Bubble” of Risk: Improving Assessments for Offensive Cybersecurity Agents - CITP Blog
Authored by Boyi Wei Most frontier models today undergo some form of safety testing, including whether they can help adversaries launch costly cyberattacks. But many of these assessments overlook a critical factor: adversaries can adapt and modify models in ways that expand the risk far beyond the perceived safety profile that static evaluations capture.  At […]
·blog.citp.princeton.edu·
The “Bubble” of Risk: Improving Assessments for Offensive Cybersecurity Agents - CITP Blog
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over
Magic links, those emailed one-time login links, are annoying and inconvenient for folks who use a password manager, but they radically accept some fundamental truths about signing in for everyone else. By layering passkeys on top of magic links, websites can provide a seamless authentication experience for all users.
·rmondello.com·
Magic Links Have Rough Edges, but Passkeys Can Smooth Them Over
What We Wish We Knew About Container Security
What We Wish We Knew About Container Security
What we’ve learned the hard way: Isolation might be the most important primitive in distributed computing that we still haven’t gotten right.
·thenewstack.io·
What We Wish We Knew About Container Security
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report…
·krebsonsecurity.com·
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Crowdsourcing SIGINT: Ham Radio At War
Crowdsourcing SIGINT: Ham Radio At War
I often ask people: What’s the most important thing you need to have a successful fishing trip? I get a lot of different answers about bait, equipment, and boats. Some people tell me beer. Bu…
·hackaday.com·
Crowdsourcing SIGINT: Ham Radio At War
5 common authentication methods for NHIs | Cerbos
5 common authentication methods for NHIs | Cerbos
Understand the common authentication methods used for NHIs, each method's architecture, typical use cases, and real-world security posture.
·cerbos.dev·
5 common authentication methods for NHIs | Cerbos
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to have been…
·krebsonsecurity.com·
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS
Trust Math, Not People
Trust Math, Not People
The Dangerous Illusion of Trustless Systems
·notesfromthecircus.com·
Trust Math, Not People