Heading to Stockholm to be the moderator of another dinner debate with Swedish CISOs about GDPR tonight. Very interesting to discuss and learn from experiences gained by others. Also: all agree compliance is the minimum, but you have to do more to stay competitive and earn your customers' trust.
Couldn't agree more!
I have been interviewed by Aftenposten for this story about new research on the security of using fingerprints on mobile phones. The research was carried out by, among others, Professor Nasir Memon of New York University, who was one of many speakers at my Passwordscon conference in Cambridge, December 2015.
Totally unbelievable. 😡 Read. 😱 Read again. 🤢
Not offering or enforcing 2FA for the US Senate sounds bad. Did anyone say leaks happen, or that .gov gets hacked?
But having printed pictures of a security chip INSTEAD of a real security chip on PIV cards??? Like WTFSRSLY???
Go Senator Wyden!
(And I am nowhere near being a US citizen, nor do I live or work there.)
New BIND 9 versions released (9.11.1, 9.10.5 and 9.9.10). Among other things, these versions contain the new DNSSEC KSK public key (that will be switched between June and October this year).
Forcing the password gropers through a smaller hole with OpenBSD's PF queues http://bsdly.blogspot.no/2017/04/forcing-password-gropers-through.html
I really like simple services that will check & score the security of various services.
https://dnsspy.io/ does exactly that for any domain - for free. Premium services are also available for those interested in monitoring their domain over time. Probably a service of interest to some as well I guess.
"it is time to stop kicking the #encryption football up and down the field... Encryption technologies should be strengthened, not weakened...The Internet Society calls for ubiquitous encryption for the Internet." - http://www.circleid.com/posts/20170407_encryption_and_securing_our_digital_economy/
- information on the server (including the DMs you send) is unencrypted.
- the person who runs your mastodon instance has access to the server and CAN access this unencrypted info. They may do this intentionally or by accident during maintenance.
- this is common across ALL messaging services, but since Mastodon servers can be small, it's easier to do than it would be on other services.
Be aware and toot safely, thanks to everyone who contributed! :sunglasses:
BlaBla: like ChaCha, but 64-bit instead of 32-bit thanks to BLAKE2b's permutation https://github.com/veorq/blabla
Yes, it's me.
As if that would be some awesome magic words you could or should trust in any way.
Founder of PasswordsCon. Infosec speaker, advisor & researcher. CISA, CISM, CISSP, ISSAP. I know your next password. https://password.consulting/