DevOps, Security, Whatever
Modern key management in a large organization is primarily described by bureaucratic procedures and compliance requirements due to financial liability. No one personnel hold all the keys required for a task. To minimize the need for trust in a day to day operations, the problem is partially solved with the three basic principles - separation of duties, dual control and split knowledge.
Posted
#Articles
With the current state of technology and the massive “boom” of the implementation of the encryption libraries, decentralized, trustless infrastructure services and the cryptocurrencies, we can expect slow movement toward more resilience in the field of malware development
Posted
#Articles
The Pond is asynchronous, encrypted, forward-secure messaging application written by in Go programming language. The Pond’s graphic interface looks like an email client from the early 90s, but under the surface it’s doing a good job protecting end-to-end communication using common hipster state of the art encryption protocol. To be honest, I had some hard time make its source code running so I have created a guide for you. Let’s analyze it a little bit more.
Posted
#Articles
Inspired by EFF’s, I have decided to analyze some not so well-known secure messaging applications. I am going to analyze only open-source solutions and the first application is Bitmessage. Bitmessage is a decentralized, encrypted, peer-to-peer, trustless communication protocol written in Python with Qt GUI.
Posted
#Articles
Dear friends, I have been publishing weekly mailing list for more than two years, starting in December 2016 and as of today, the few hundreds people signed. As I have only one life and it's moving way too fast, I have decided to stop working on the weekly news and focus more on building things and writing meaningful articles about them.
Posted
#Weekly-News
Dutch security researcher Victor Gevers found misconfigured MongoDB database containing facial recognition and other sensitive information about the Uyghur Muslim minority in China. Looks like the company behind the database is Chinese surveillance company SenseNets.
Posted
#Weekly-News
Ubiquiti network devices are being remotely exploited, via port 10001 discovery service. Results in loss of device management, also being used as a weak UDP DDoS amplification attack: 56 bytes in, 206 bytes out.
Posted
#Weekly-News
Insurance Company says to the Mondelez customer that the NotPetya ransomware attack was an act of cyber war and therefore not covered by the policy.
Posted
#Weekly-News
According to a Reuters investigation, United Arab Emirates used former U.S. intelligence operatives to hack into the iPhones of activists, diplomats and foreign politicians using so-called Karma spyware.
Posted
#Weekly-News
Microsoft's mobile Edge browser begins issuing fake news warnings. It is powered by news rating company NewsGuard. It gives you fake news warning for Wikileaks, so decide for yourself.
Posted
#Weekly-News
35-year-old vulnerability has been discovered in the SCP file transfer utility. According to the advisory impact section, 'Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.'
Posted
#Weekly-News
Personal information of many German politicans were published online. Since then, Police arrested 20 years old suspect.
Posted
#Weekly-News