Attackers are searching for online store backups in public folders. Can they find yours?

Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to attackers who know where to look. “Exposed secrets have been used to gain… Continue reading Attackers are searching for online store backups in public folders. Can they find yours?

If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can

GoTo says that hackers stole its customers’ “encrypted backups.” But they also say the hackers stole the decryption keys.

To say the backups were encrypted is a bit like trying to argue that a locked box is locked, if the key to the locked box is st… Continue reading If a locked filing cabinet is stolen along with its key, can you still say it’s locked? GoTo thinks you can

GoTo now says customers’ backups have also been stolen

GoTo (formerly LogMeIn) has confirmed on Monday that attackers have stolen customers’ encrypted backups from a third-party cloud storage service related to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere offerings. However, the attackers… Continue reading GoTo now says customers’ backups have also been stolen

How data protection is evolving in a digital world

Companies are challenged with more complex hybrid IT environments. They are raising budgets to fend off cyberattacks and keep up as production environments continue to diversify across various clouds, according to Veeam Software. The result is that IT … Continue reading How data protection is evolving in a digital world

How to create, use and backup android signing keys without trusting the computer?

I did a lot of research on how to securely create, use and backup android signing keys (when using Google Play Signing is not an option). The best option seams to be a Yubikey or a Nitrokey HSM 2 and use their pkcs11 capability [0].
Backin… Continue reading How to create, use and backup android signing keys without trusting the computer?