Why doesn’t file/folder encryption work the way I imagine it should? Can I have the UX I want? Tell me what’s wrong with this idea

I have been looking around at various encryption schemes, and I haven’t found anything exactly like what I want in terms of user experience.
If what I want isn’t a thing, I assume it’s been thought of, but other approaches won out. So can …

Apple’s Lockdown Mode

I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware…


Hiding Vulnerabilities in Source Code

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It’s really clever, and not the sort of attack one would normally think about.

From Ross Anderson’s blog:

We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic. We’ve verified that this attack works against C, C++, C#, JavaScript, Java, Rust, Go, and Python, and suspect that it will work against most other modern languages…


On Risk-Based Authentication

Interesting usability study: “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication”:

Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well…


Zoom UX teardown: 5 fails and how to fix them

Valued at over $60 billion and used by millions each day for work and staying in touch with friends and family, the COVID-19 pandemic has helped make Zoom one of the most popular and relevant enterprise applications. On one level, its surge to the top can be summed up in three words: “It just works.” […]