Articles related to "secure"


Security and Cryptography Mistakes You Are Probably Doing All The Time

  • It’s common for people to misuse cryptographic primitives, assume that something is secure by default or use outdated technology/algorithms.
  • It’s entropy, so if we don’t want to force users to include special characters in their passwords, then what is the alternative to keep the entropy high enough?
  • Creating these kinds of passwords satisfies both the human and the computer aspect of it; in other words, it’s easy to remember and reasonably hard to guess (high entropy, no way to brute force it).
  • Note: In an ideal world, everybody would use a password manager and generate their random super high entropy passwords, but that’s not something we can expect of the average, non-tech savvy user.
  • A lot of people think that Docker containers are secure by default, but that’s not the case.


Offering software for snooping to governments is a booming business

  • Two months later Omar Abdulaziz, another Saudi dissident, filed a lawsuit in Israel against NSO Group, an Israeli software company.
  • Mr Abdulaziz alleges that the NSO Group had licensed Pegasus, a piece of spyware that snoops on smartphones, to the Saudi government, which used it to spy on him—and, through him, Khashoggi.
  • But some, including NSO Group, as well as Gamma Group (an Anglo-German firm) and Hacking Team (an Italian one which in April merged with another company to create Memento Labs), sell software to help governments access online data on persons of interest.
  • In a recent case in America “Mr Kidane”, a pseudonymous American with links to Ethiopia, alleged that the Ethiopian government had been spying on him and his family using FinSpy, one of the Gamma Group’s products.

Security and Cryptography Mistakes You Are Probably Doing All The Time

  • Which is another issue: you don't want your applications to wait for entropy and design logic around the possibility of /dev/random blocking, especially considering that you don't need that much entropy...
  • Note: In an ideal world everybody would use a password manager and generate their random super high entropy passwords, but that's not something we can expect of the average, non-tech savvy user.
  • As soon as you receive the password from the user, hash it with a slow hash function like bcrypt using a work factor of at least 12 and erase the clear-text password from memory.
  • If you're not going to use bcrypt, make sure to add a salt to the password to prevent precomputation attacks like rainbow table attacks.
  • Therefore, I believe that all of us should take a little bit of time to do the necessary research to make sure to avoid stupid mistakes and misconceptions like the ones above.


Explainer: Reducing User-Agent Granularity

  • We can ratchet this deprecation over time, beginning by freezing the version numbers in the header, then removing platform and model information as developers migrate to the alternative mechanisms proposed below.
  • User agents will attach the Sec-CH-UA header to every secure outgoing request by default, with a value that includes only the major version (e.g.
  • This proposal assumes that developers with access to JavaScript execution do not need the user agent string in order to determine which resources to load and how they ought to behave.
  • Developers who need this kind of information at request-time could probably migrate to alternative mechanisms like Client Hints.
  • Based on some discussion in w3ctag/design-reviews#320, it seems reasonable to forbid access to these headers from JavaScript, and demarcate them as browser-controlled client hints so they can be documented and included in requests without triggering CORS preflights.

Do Democrats think the government should be able to get around data encryption?

  • But in cases where encrypted messages are accessed over the course of a criminal or national security investigation by law enforcement, due process must be respected, and public policy should be updated to keep pace with changing technology.
  • Pete Buttigieg: My administration will move beyond the polarized debate and engage all the key stakeholders — including civil liberties groups, technology companies, academics, experts, law enforcement and other government officials, and the public more broadly — to find ways forward that protect the core privacy, security, and economic interests at stake, while ensuring that law enforcement has strong tools to do its job.
  • Andrew Yang: [I] believe in protecting the rights of individuals while allowing the government the ability to investigate crimes and national security threats.
