Collaborate Disseminate
Suppose a packet is encrypted and sent via an insecure channel so that it is intercepted by a malicious third party as well as the intended recipient. As long as a suitable encryption scheme is used, the message should be (practically) unc… Continue reading Can message length be useful information?
Chipmaker investigates a leak of intellectual property from its partner and customer resource center. Continue reading Hackers Dump 20GB of Intel’s Confidential Data Online
A family of N people (where N >= 3) are members of a cult. A suggestion is floated anonymously among them to leave the cult. If, in fact, every single person secretly harbors the desire to leave, it would be best if the family knew abou… Continue reading How could I make the results of a yes/no vote inaccessible unless it’s unanimous in the affirmative, without a trusted third party?
Say I had a centralized OAuth 2 authentication server, a Single Page Application (SPA) in an electron app, and a third-party server. The user launches this SPA, goes through the PKCE flow to obtain an access & refresh token, and is now… Continue reading Using OAuth SPA app to provide third party with access token
I am designing a 3PRM (Third-Party Risk Management) process in a FS company, and I’m curious about how other companies validate their supplier questionnaires.
The system I’m anticipating is (after I’ve issued supplier questionnaires, and … Continue reading Third Party Risk Management: Validating responses from vendors?
The move follows Google’s announcement last May that it would do the same in Chrome by 2022. Continue reading Apple Safari Blocks Ad-Targeting Cookie Support
The only technology “news” I ever hear about go on about “performance this” and “performance that”. I haven’t felt that my computer was “slow” since the 1990s. 20 years ago. Yet this is the only thing I ever hear anyone talk about.
In episode 106 for February 3rd 2020: What you need to know about Facebook’s new off-Facebook activity tool, details about the Ring Android app sending user data to third party trackers, and new developments in the Wawa credit card breach. ** Sho… Continue reading Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach
The new year has only just begun, and many CISOs and compliance professionals are making third-party risk management a priority. Similar to how those who never received flu shots may suddenly decide to vaccinate during a particularly bad flu seaso… Continue reading Why Third-Party Security is Critically Important in 2020
Consider this scenario. I have a file hosted on AWS with private access. I want the file to be accessible to several authorized users of a web applicaton that I have built. As I am the one authenticating these users, how do I tell AWS to d… Continue reading Inverse of Third Party Authentication