credelius.com
Why I don’t Trust NIST P-256
12+ min · · Elliptic Curve Cryptography (ECC) looks like a good alternative and a replacement for a more common RSA dominated one, especially when it comes to devices with “weak” CPUs, the ones that you can… · Shared by 5, including 瑞拿頭
secwale.com
The Cloud Conundrum: S3 Encryption
7 min · · AWS will now encrypt all new data in its Amazon S3 storage service by default. Huge announcement, secure default for the win, sure, but it gives a false sense of security. Here’s how. · Shared by 5, including 瑞拿頭
usenix.org
Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions…
2 min · · Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges,… · Shared by 29, including 瑞拿頭, Daniel Bentes
lspace.swyx.io
Reverse Prompt Engineering for Fun and (no) Profit
10 min · · Pwning the complete prompt source of Notion AI... and why everyone is wrong about prompt injection · Shared by 380, including Ben Tossell, 瑞拿頭, hiten.eth
matthewlinkous.com
Is it worth encrypting?
3 min · · Today, nearly all of our data is backed up to the cloud. Oftentimes our only copy of our important information will live on some far away server outside of our control. This comes with clear privacy… · Shared by 5, including 瑞拿頭
palant.info
TouchEn nxKey: The keylogging anti-keylogger solution
20+ min · · TouchEn nxKey is supposed to combat keyloggers. Instead, this application made writing a keylogger extremely simple, allowed attacking banking websites and more. · Shared by 6, including 瑞拿頭
samcurry.net
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
20+ min · · During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work. While we… · Shared by 25, including Cory Doctorow @pluralistic@mamot.fr, William El Kaim, 瑞拿頭, Elena Neira
palant.info
South Korea’s online security dead end
7 min · · Websites in South Korea often require installation of “security applications.” Not only do these mandatory applications not help security, way too often they introduce issues. · Shared by 8, including 瑞拿頭
crypto.stackexchange.com
Why does my SSH private key still work after changing some bytes in the file?
1 min · · I (for a test) just randomly altered a private RSA key by opening it up in Vim and changing a few bytes. It is the private part of an SSH key pair used for logging in on a remote system. Puzzlingly... · Shared by 18, including 瑞拿頭
webroot.com
What is Social Engineering? Examples and
8 min · · Social engineering is the art of manipulating people so they give up confidential information, which includes · Shared by 5, including 瑞拿頭
franzoni.eu
Password requirements: myths and madness
7 min · · Password requirements are weird. It seems impossible to set a new password in many websites. Why? · Shared by 5, including 瑞拿頭
sgx.fail
SGX.Fail
15+ min · · Table 1 provides an overview of publicly known SGX attacks, what information can be leaked using them, as well as the mitigation strategies for each attack technique. Finally, we also identify whether… · Shared by 7, including 瑞拿頭
github.com
samyk/magspoof - Eagle
magspoof - MagSpoof is a portable device that can spoof/emulate any magnetic stripe or credit card "wirelessly", even on standard magstripe readers. · Shared by 10, including 瑞拿頭
cronokirby.com
The Paper that Keeps Showing Up
17+ min · · Let’s talk about one of my favorite cryptography papers. This is the paper that keeps showing up. It’s almost comical at this point. It’s shown up 5 times in my last semester at EPFL, across 3… · Shared by 7, including 瑞拿頭