Collaborate Disseminate
Let vc be a W3C Verifiable Credential Standard compliant verifiable credential. If I print it out on paper and loose it on the subway, can an attacker pick up the paper, type in the information into a JSON file, upload it to his wallet and… Continue reading Can my name be revealed from a stolen Verifiable Credential?
As the world’s legal entities rush to digitize their processes and transactions, confidence in digital authenticity is in short supply. Thankfully, a single, open and universal protocol that will enable legal entities everywhere to verify the authentic… Continue reading Simplifying legal entity identification in the digital age
When I perform SNMPv3 polls, I still can see the username in plain text in Wireshark. I find that a slight security risk. I mean knowing the username is a little step further ahead compared to not knowing the username nor the password.
I m… Continue reading SNMPv3 polls with encrypted usernames
In October 2017, Yahoo! disclosed a data breach that had leaked sensitive information of over 3 billion user accounts, exposing them to identity theft. The company had to force all affected users to change passwords and re-encrypt their credentials. In… Continue reading Using the random motion of electrons to improve cybersecurity
When using OAuth2 in Azure, why Certificates are more secure than using Secrets?
The Secrets have expiration and are strong, and generated automatically.
The application needs to send a JWT containing a x5t header with the thumbprint of th… Continue reading OAuth2 – What is the advantage of using certificate over client secret credentials? (Azure)
Goal
I have a page which verifies the user’s email address, that has access to their user id. From this page they’re redirected to the login page. I want their username to be filled in already. In other words, passing the username (or emai… Continue reading Is storing a username in session storage a security risk?
I have a raspberry pi that consumes an api. For each device I must provide API keys that for each device is unique.
What want for the client to do is:
Receive from us the device
Plug to the router via ethernet
Leave it to do its job
The … Continue reading How I can provision keys to an IOT device that consumes an API?
Armorblox released a report which highlights the use of language-based attacks that bypass existing email security controls. The report uncovers how the continued increase in remote work has made critical business workflows even more vulnerable to new … Continue reading Language-based BEC attacks rising
Customers of automaker General Motors (GM) and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used the access to redeem gift cards. What is credential stuffing? Credential stuffi… Continue reading GM, Zola customer accounts compromised through credential stuffing
SpyCloud published an annual analysis of identity exposure among employees of Fortune 1000 companies in key sectors such as technology, finance, retail and telecommunications. Drawing on a database of over 200 billion recaptured assets, researchers ide… Continue reading Password reuse is rampant among Fortune 1000 employees