Status of Asynchronous Remote Key Generation in the developing WebAuthn standard?

Today I read this blog entry by Yubico regarding Asynchronous Remote Key Generation. This proposal solves, in my view, the largest outstanding problem in the widescale adoption of challenge-response hardware authentication keys.
Some backg…

Security standards should be strengthened outside the federal government too

Tripwire announced the results of a research report that evaluated actions taken by the federal government to improve cybersecurity in 2021. Conducted by Dimensional Research, the survey evaluated the opinions of 306 security professionals, including 1…

New standard enhances the cybersecurity of pipeline control systems

The American Petroleum Institute (API) published its 3rd Edition of Standard (Std) 1164, Pipeline Control Systems Cybersecurity, underscoring the natural gas and oil industry’s ongoing commitment to protecting the nation’s critical infrastructure from …

Cyber Essentials at a small business (20 employees) that keeps all business data within SaaS

Background
I’ve recently joined a rapidly growing small business (from 4 to 20 people in the last 12 months) with a very DIY IT setup. It’s fallen to me (I’m a developer so I just happen to be sitting nearest IT world…) to improve their secu…

ETSI completes set of IoT MQTT and CoAP testing standards

The ETSI committee on Methods for Testing and Specifications (TC MTS) has recently completed a first set of seven standards addressing the testing of the IoT MQTT and CoAP protocols, and the foundational security IoT-Profile. “These new standards fill …

From a modular development standpoint, should a "firewall" do anything else than filtering ports?

From a modular development standpoint, should a "firewall" do anything else than filtering ports?
This leads me to further ask, have there been attempts to reform the terminology from "firewall" to "port filterer"…

Why aren’t governments taking steps to make end-user products more secure in terms of IT security? [closed]

Obviously some manufacturers do not care too much about making their products secure and the vulnerabilities, if any, are only found by volunteer hackers, if at all – for example in IoT products.
Most end users cannot take (advanced) prote…