
12 and 1 Ideas How to Enhance Backend Data Security

Previously, we’ve talked about classic design patterns in backend data security, then about key management goals and techniques. It is important to understand that database security evolved alongside system administration techniques and programming demands, with cryptography and access controls being complementary features rather than cornerstones. Classic designs have two important drawbacks: 1. Trust tokens: they rely on storing trust tokens somewhere inside the infrastructure.

Why we need novel authentication schemes?

Revealing security holes in the 5 main methods of authentication

Introduction: A Word To Pass

Passwords are the ultimate keepers of diversity and security. From Ancient Roman times until now, they have been used to prove that one is worthy of a privilege that others do not possess, however strongly they desire it. A “magic word”, which one knows and others don’t, opens the door to an opportunity and singles an individual out from an enormous crowd.

Building secure end-to-end webchat with Themis

Intro

While developing components of our products, we love to explore use cases and usability by creating real-world test stands. 0fc is a side product of WebThemis research: while doing some protocol design for front-end clients with WebThemis services, we wanted to try it in a real-world situation. We set ourselves a novel goal: an end-to-end encrypted webchat, inclined towards client anonymity, giving zero trust to the server, and built only with typical Themis primitives.

Introducing Themis

What is Themis?

Themis is a high-level cryptographic services library: a library providing an easy-to-use, highly abstracted set of functions to solve real-world security problems. We would like you to focus on building your software, with security taken care of by professionals, instead of scrupulously assembling building blocks into cryptosystems yourself and resolving implementation, platform availability, vulnerability and performance constraints on your own. Themis is designed to provide complicated cryptosystems in an easy-to-use developer infrastructure, suitable for modern rapid development.

Releasing Themis into public: usability testing

Experiment: developers with no Themis experience build an application with it in 6 hours. Being ready to release Themis, we gathered a few colleagues and decided to make a test run on unsuspecting developers: how would the library blend into their workflows?

1. Introduction

While usability testing for user-centric applications has its own distinct techniques, standards and frameworks, this is not so typical for a relatively complex and technical library aimed at developers and spanning multiple languages and platforms.

The Role of WebRTC Technology In Online Security

WebRTC technology is rather new (spearheaded by Google in 2012 through the World Wide Web Consortium). It is a free project that provides browsers with Real-Time Communications. The technology is now widely used in live-help customer support solutions, webinar platforms, chat rooms for dating, etc. But there are too few solutions that use it for enhanced security, which is odd, since the technology offers great opportunities in this field: WebRTC opens the door to secure communications online.

Top 5 Anonymous E-mail Providers

In recent years we hear more and more about online security and privacy. People wonder how to be anonymous on the web, how to chat securely with friends (or business partners) with the assurance that no third party is reading their conversations, or how to send an e-mail or share a file that cannot be tapped or intercepted. These concerns are aired frequently within online communities and reported by the mass media. There are a lot of services that only give you a temporary e-mail address (for when you do not want to register somewhere with your real e-mail) but provide no encryption or secure connection; when it comes to anonymity, people often confuse one with the other.

Tor: Illegal Weapons

A few years ago, when I was reading some popular weapons forum, I thought of how much a gun might cost on the black market. Actually, I wasn’t going to buy one, as I had an arsenal of legal weapons of my own. I was just curious about it. Let’s see what discoveries I made. Disclaimer: The following description is not an instruction on how and where to buy or sell illegal weapons (therefore, I will not provide any links).

Backdoor in a Public RSA Key

Hello, %username%! When I saw how it works, to say that I was shocked is to say nothing. It’s a pretty simple trick, but after reading this article, you will never look at RSA as before. This is not a way to hijack RSA, but something that will make your paranoia greatly swell. So, imagine that you have access to the generator of an RSA key and you want to give someone the opportunity to get the private key without any factorization or other quantum computers.

Hacked. A Short Story.

It all started when I was asked (as a freelancer) to configure exim4 so that newsletters would not fall into spam folders. They even sent me a link to a tutorial. I thought the work would take a couple of hours, including the DNS update, but I was wrong. After logging in as root, I started my favorite screen by running the screen -x command as usual, and watched a curious scene in the /dev/shm folder, a favorite of many of you.