177 results for tags
security x
-
https://csrc.nist.gov/csrc/media/presentations/2024/crclub-2024-10-16/images-media/crypto-club-20241016--hugo--OPAQUE.pdf
The OPAQUE Password ProtocolTue May 13 13:00:56 2025 - permalink -
Authentication, Secret Retrieval, End-to-end security
Hugo Krawczyk, AWS
NIST Seminar – 10.16.2024
Found after re-reading https://datatracker.ietf.org/doc/html/draft-haase-aucpace-02 where OPAQUE was mentioned as winner of the CFRG password protocol competition.
See https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html- https://csrc.nist.gov/csrc/media/presentations/2024/crclub-2024-10-16/images-media/crypto-club-20241016--hugo--OPAQUE.pdf
-
FSF announces JShelter browser add-on to combat threats from nonfree JavaScript — Free Software Foundation — Working together for free software
he Free Software Foundation (FSF) today announced the JShelter project, an anti-malware Web browser extension to mitigate potential threats from JavaScript, including fingerprinting, tracking, and data collection.Tue May 13 12:13:26 2025 - permalink -
The project's website is at https://jshelter.org/.- https://www.fsf.org/news/fsf-announces-jshelter-browser-add-on-to-combat-threats-from-nonfree-javascript
-
Ben's Book of the Month: Review of "A Vulnerable System: The History of Information Security in the Computer Age" | RSA Conference
Found on https://www.rsaconference.com/library/Blog/bens-book-of-the-month-review-of-computer-security-and-the-internet, a review of Paul C. van Oorschot's "Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin".Mon May 5 12:45:00 2025 - permalink -
https://www.amazon.com/Vulnerable-System-Information-Security-Computer/dp/1501758942/ref=monarch_sidesheet_title- https://www.rsaconference.com/Library/blog/bens-book-of-the-month-review-of-a-vulnerable-system
-
Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin
Interesting book by Paul C. van Oorschot, recommended by Rik Farrow on the TUHS mailing list https://www.tuhs.org/pipermail/tuhs/2025-May/031832.htmlMon May 5 07:17:33 2025 - permalink -- https://people.scs.carleton.ca/~paulv/toolsjewels.html
-
GitHub repositories of A-Trust
Tools to inspect certificates, test APIs of A-Trust, the provider of signature services such as "Handysignatur" and "ID Austria".Wed Feb 12 08:02:28 2025 - permalink -- https://github.com/A-Trust
-
An exposed apt signing key and how to improve apt security
Fri Dec 13 13:00:16 2024 - permalink -- https://blog.cloudflare.com/dont-use-apt-key/
-
Playing with Oberon in 2019
Blog, mostly about the Plan 9 operating system. Found https://seh.dev/p9sk1/ when searching for information about the dp9ik authentication protocol introduced by 9front.Thu May 23 13:50:16 2024 - permalink -
Other pages I found are
- https://echoline.org/webterm.pdf, explaining Webterm, an HTML5 remote desktop for use with Plan 9[1] which re-
imagines drawterm inside of a browser. The source code is available at https://github.com/echoline/webterm
- https://man.9front.org/6/authsrv- https://seh.dev/oberon/
-
The Language-theoretic approach (LangSec)
The Language-theoretic approach (LangSec) regards the Internet insecurity epidemic as a consequence of ‘ad hoc’ programming of input handling at all layers of network stacks, and in other kinds of software stacks. LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a ‘recognizer’ for that language.Mon May 20 16:26:16 2024 - permalink -
The recognition must be feasible, and the recognizer must match the language in required computation power.
Found on the TUHS mailing list https://www.tuhs.org/pipermail/tuhs/2024-May/029846.html- https://langsec.org/
-
Getting the maximum of your C compiler, for security
Found on Sandra Snan's notice https://idiomdrottning.org/notice/AgXNxNMyxT1ZMgpLPMThu May 16 23:09:13 2024 - permalink -- https://airbus-seclab.github.io/c-compiler-security/
-
What is the Small Web? – Aral Balkan
Ideas about reducing the dependence on big companies. See also the author's blog, which contains interesting articles such asFri Feb 23 11:15:43 2024 - permalink -
https://ar.al/2021/11/23/how-to-apply-a-chroma-key-using-imagemagick/
https://ar.al/2018/10/26/version-display-linux-version-information
https://ar.al/2021/08/16/key-mapper-a-visual-tool-for-remapping-keys-and-more-on-linux/
https://ar.al/2019/03/12/reclaiming-your-tilde-and-backtick-with-mac-uk-layout-on-an-ansi-us-keyboard/
https://ar.al/2019/03/11/setting-multiple-key-bindings-for-the-same-action-in-gnome/
https://ar.al/2018/07/18/typographical-typing-habits-for-linux- https://ar.al/2020/08/07/what-is-the-small-web/#fnref:4
-
Using FIDO2 Auth Keys (Yubikey, Solokeys) with MacOS and FreeBSD // hackacad.net
Just what it says in the title.Tue Feb 20 13:43:01 2024 - permalink -- https://hackacad.net/freebsd/2020/03/27/using-fido2-auth-keys-yubikey-solokey-with-macos-and-freebsd.html
-
GPSJAM - daily GPS/GNSS Interference Map
Daily maps of navigation accuracy as reported by aircraft using ADS-B.Mon Feb 12 15:34:10 2024 - permalink -
Provided by John Wiseman- https://gpsjam.org/
-
GPG in Emacs - First Step Towards Data Security
Found on Sacha Chua's blog https://sachachua.com/blog/2024/01/2024-01-01-emacs-news/Thu Jan 4 00:02:04 2024 - permalink -- http://yitang.uk/2023/12/28/gpg-in-emacs-first-step-towards-data-security/
-
DROPSAFE Security, Privacy, Digital Rights, and Nerdy Parenthood
Found via a link on the TUHS mailing list to https://alecmuffett.com/article/108789Tue Jan 2 12:59:19 2024 - permalink -
See https://alecmuffett.com/article/108139 "Hot on the heels of #ChatControl and in the name of “identity” and “consumer choice” the EU seeks the ability to undetectably spy on HTTPS communication; 300+ experts say “no” to #Article45 of #eIDAS #QWAC"- https://alecmuffett.com
-
A demo of the WebAuthn specification
Found in c't 2023-10 (TBC).Fri Nov 17 15:59:56 2023 - permalink -
See also https://passkey.org/ which was mentioned in the same article.- https://webauthn.io/
-
Getting started with Google OpenSK
OpenSK https://github.com/google/OpenSK released by Google is a fully open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.Tue Nov 14 07:41:40 2023 - permalink -
OpenSK is based on the FIDO2 specifications, which combine the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
The nRF52840 MDK USB Dongle works well with OpenSK. Taking advantage of the UF2 Bootloader, you can easily program the OpenSK by just copying the .uf2-format image to the flash drive.- https://blog.makerdiary.com/getting-started-with-google-opensk/
-
Keyoxide
Verifying online identity with cryptography.Tue May 2 14:31:37 2023 - permalink -
Found via Nicolas Martyanoff's page https://www.n16f.net/about/- https://keyoxide.org/
-
SC4: Secure Communications in a Very Small Code Base
SC4 is a secure communications system specifically designed for (relatively) easy auditability by way of a ruthless commitment to simplicity. SC4 provides the functional equivalent of PGP from the end-user's point of view, but implements it in two order of magnitude less code. The cryptographic core of SC4 is Daniel J. Bernstein's TweetNaCl library (<800 LOC). On top of this we have a variety of UI implementations ranging from 1000 to 5000 LOC. One of these has completed a formal audit to date.Fri Apr 21 17:16:05 2023 - permalink -- https://sc4.us/doc/sc4wp.html
-
Signs of Triviality - Opinions, mostly my own, on the importance of being and other things.
Blog, mostly about network-related things. Found via https://www.tuhs.org/pipermail/tuhs/2023-March/028267.htmlWed Mar 22 11:45:04 2023 - permalink -
Time is an illusion, Unix time doubly so... https://www.netmeister.org/blog/epoch.html
Sharing Secrets https://www.netmeister.org/blog/sharing-secrets.html- https://www.netmeister.org/blog/