Collaborate Disseminate
Background: My expertise is in machine learning/AI, not cryptography, so I apologize if I’m missing fundamental security concepts. I’m trying to build a privacy-preserving AI agent system and want to understand potential vulnerabilities.
U… Continue reading Does revealing semantic similarity scores between AES-encrypted data create an exploitable side channel?
When thinking of retrocomputing, many of us will imagine machines such as the Commodore 64 or Apple II. These computers were very popular and have plenty of parts and documentation …read more Continue reading Retro Computer Goes Back to the 1950s
I’m designing a web-based screen sharing tool for customer support, where support agents need to view customers’ screens without requiring any software installation.
The flow I’m considering is:
Support agent generates/receives a session … Continue reading Secure session management for browser-based screen sharing support tool
I’m trying to figure out the best approach for handling external requests. I am working on a system where the application is currently sitting outside (DMZ) and the DB is inside. The specific port required for DB access has been opened fro… Continue reading Ideal system architecture for sensitive data access through DMZ
Next month, Peter Mackenzie and I are co-hosting the first Wireless Tech Summit, a Wi-Fi training and certification mini-event. The best part? It will be in-person here in North Carolina! Okay, maybe that’s not actually the best part. The best pa… Continue reading The First Wi-Fi Training and Certification Mini-Event
In our organization, we use a GCP setup with Kubernetes. We generate tons of firewall logs as we provide a digital service that generates a high volume of requests from our users. Storing all these logs is quite costly, especially when you… Continue reading Logging Strategy (high costs for storing all logs)
I am working on a non-internet facing and internal/air-gapped system. The vendor providing the solution has architected their system with the application client and database on the same server.
I am wondering if AIA or multi-tiered archite… Continue reading Is AIA or multi-tier architecture relevant?
Although Moore’s Law has slowed at bit as chip makers reach the physical limits of transistor size, researchers are having to look to other things other than cramming more transistors …read more Continue reading Startup Claims it Can Boost CPU Performance by 2-100X
The InfoSec team of the client I work with has mandated that any customer-facing application’s backend should not directly access the database for that application. They require we create another internal API that is not public and call th… Continue reading Is creating an internal API within a VPN a recommended practice for securing database access for customer-facing applications?
At my organization we have a lot of servers. We have many common manual maintenance tasks that we’d like to automate. There’s currently three approaches we’re fighting over internally:
Ops engineers with access to most if not all servers … Continue reading Are centralized credentials an antipattern?