Is Digital Signature really necessary for an open system considered by FDA’s 21 CFR Part 11?

21 CFR Part 11’s Subpart B for Electronic Records has a section on ‘Controls for Open Systems" stating that:

Persons who use open systems to create, modify, maintain, or transmit
electronic records shall employ procedures and control… Continue reading Is Digital Signature really necessary for an open system considered by FDA’s 21 CFR Part 11?

multiple machines sync without single point of failure

I use various Linux machines where I like to sync some config and other important files. This is a security risk, as an intruder on one machine could easily modify some script that would be propagated to the other machines automatically.
T… Continue reading multiple machines sync without single point of failure

Is hashing a digital signature for quick (but incomplete) validation a known and/or acceptable practice?

Let’s say that there’s a known digital signature issued by a trusted CA.
Normally, digital signatures need to be evaluated: checked if they are expired, revoked, if there’s a problem in the chain of trust. However, if these aspects are a g… Continue reading Is hashing a digital signature for quick (but incomplete) validation a known and/or acceptable practice?

Mails invalid signature because of encoding of periods in quoted printable [migrated]

I‘m sending a mail encoded with quoted printable encoding that contains some dots .. There is a problem with a specific mailserver/customer. For some reason, they receive the mail in such a form that each dot is encoded as =2E ultimately b… Continue reading Mails invalid signature because of encoding of periods in quoted printable [migrated]

What is the rationale for signing apk with all schemes under MASTG-TEST-38? [closed]

Under OWASP MASTG-TEST-38, what is the rationale for

Make sure that the release build has been signed via … all the
three schemes for Android 9 (API level 28) and above, and that the
code-signing certificate in the APK belongs to the de… Continue reading What is the rationale for signing apk with all schemes under MASTG-TEST-38? [closed]