Collaborate Disseminate
Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app! All this and much much more is discussed in th… Continue reading Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics
I’m building a PHP website using MySQL as a database for an event managing system. I want to store user data so when they sign up for an event they can just verify information and submit, rather than re-inputting the information over and o… Continue reading How do I encrypt and store user data?
SSL, nowadays TLS, encrypts traffic between the server and client. However, the certificate is only valid for a certain period of time until its expiration.
What I don’t understand is, why does TLS even expire in the first place? Its purpo… Continue reading ELI5: If SSL encrypts traffic, why does it expire?
I’m developing a multi-platform application using Flutter, which involves sensitive user data and requires both online and offline accessibility. To enhance security and usability, I am considering implementing a local password recovery me… Continue reading Is local password recovery for each device a viable security approach?
Ah, generic unbranded IP cameras. Safe, secure? Probably not. [Alex] has been hacking around with one of his very own, and he’s recently busted the thing wide open. Determining that …read more Continue reading Hacking an IP Camera To Run Your Own Software
In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta rec… Continue reading Overlooked essentials: API security best practices
This is a follow-up of these two questions about using the TPM to store application’s keys. While both have great answers, there is a specific aspect I am missing:
How safe are the keys inside the TPM against another (malicious) app trying… Continue reading How safe are my app’s keys inside the TPM against other apps trying to impersonate mine?
I have a table in Postgres that stores phone numbers. Since phone
numbers are considered PII, I cannot store them as plaintext.
For other PII fields, I use AES-256-CBC. However, the requirements are that phone numbers are
part of a unique… Continue reading Searchable encryption for phone numbers
We have a service running on AWS. This service uses secrets such as API keys of third party services (in other words: secrets which do not rotate automatically). These secrets are stored in AWS secretsmanager. Let’s call this the "tra… Continue reading can non-rotatable secrets be stored in ciphertext form in a DB/file/etc.?
Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of security analysts much harder…. Continue reading Encrypted traffic: A double-edged sword for network defenders