Collaborate Disseminate
As cybercrime threatens businesses of all sizes, industries and locations, organizations have realized that the status quo is no longer tenable and that implementing zero trust is necessary. Zero trust is a security model that can be summed up as “Neve… Continue reading Four key tenets of zero trust security
My tech support company now has access to my computer 24/7… instead of our old system where I would email them, set an appointment, and then I would grant them permission to access my computer. A pop-up does appear when they are on scre… Continue reading Remote access at the will of my tech support service
In a new project, we try to clarify how authorization should look like. I’ve been reading up on this for days, but it’s not really clear to me which solution would be the right one to use. Some solutions are not recommended anymore, some s… Continue reading Refresh token rotation or Authorization Code Flow with PKCE
What is the simplest or most common method to read a value, for example a text, from the RAM of a personal computer?
What access requirements are necessary for this? Is a search in a hex dump always required or are there shorter ways?
Too often, we assume that new technology replaces the old, but technology often builds off past generations, ideas, and success, rather than abandoning it altogether. Some people may not realize that past technologies are foundational to new technology… Continue reading Digital key builds on past practices to create a more secure future
In the advent of a “work anywhere, anytime” environment, enterprises face a rapid expansion of diverse users alongside an influx of applications, devices, APIs and microservices. Additionally, the amount of data created and consumed by these users, dev… Continue reading Evolving beyond RBAC: Why ABAC is the future
Gihub removed password authentication:
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access ‘https://github.com/…/…..git/’: The requested … Continue reading Github.com token authorisation since 13th August, impractical?
X-Forwarded-For header can capture the IP of the client and use this IP to implement access control.
However, the X-Forwarded-For header can be easily spoofed or manipulated.
How to prevent this or is there a better alternative to capture … Continue reading How to prevent spoofing of X-Forwarded-For header?
Earlier this year, Gartner named identity-first security as one of the top security and risk management trends for 2021. Companies have been moving away from traditional LAN edge approaches, and now identity lies at the center of security strategies. M… Continue reading The evolution of identity-first security
We are currently working on an IoT product & having a hard time coming up with a strategy to create a unique password for each device/unit.
I do understand that password based on a function of { serial number, CPU id, MAC address or ti… Continue reading Creating a unique password for each device/unit of the same product