« earlier | later » Page 2 of 11
Certificate notary service -- the idea being both to detect forged (but valid) certificates, and to provide trust in self-signed certs.
to ca certificate notary security tls ... on 14 October 2016
Capsicum Implementation Status
I keep thinking "wouldn't it be nice if someone did capability-based security in Unix userspace" and then forgetting that this project already exists...
to capability capsicum security unix ... on 14 October 2016
Hacking Team: a zero-day market case study
"This article documents Hacking Team's third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team's email archive offers one of the first public case studies of the market for 0days."
"My research interests cover the design and analysis of security systems and security usability, including the application of concepts from cognitive psychology to understanding how users interact with security systems, and whatever else happens to catch my interest." Denizen of a variety of security/crypto mailing lists; lots of interesting stuff to read.
to crypto security systems usability usable-security ... on 15 September 2016
WireGuard: fast, modern, secure VPN tunnel
VPN protocol based on Noise and straightforward public/private key mappings -- I rather like this design.
to crypto networking noise security vpn ... on 15 September 2016
Checked C - Microsoft Research
C with bounds checking. Very C++-ish; I was hoping they'd done something smarter.
to bounds-checking c language-design safety security ... on 28 August 2016
Why Smart Contracts Fail: Undiscovered bugs and what we can do about them – Medium
Turns out that if you build a digital cash system where people can write code to specify behaviour, then that code has bugs in it. Who'd have thought it?
to blockchain bugs ethereum security static-analysis ... on 28 August 2016
Teaching cybersecurity to criminologists – Bentham's Gaze
Not unlike our DADA module.
Embedded in Academia : Multi-Version Execution Defeats a Compiler-Bug-Based Backdoor
Using varan, a tool that compares execution traces of programs built in different ways, to detect a compiler fault. Neat!
to compiler debugging security varan ... on 28 February 2016
Git as an Encrypted Distributed Version Control System
"This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git to work on sensitive projects with repositories located in unsecure distributed environments, such as in cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature."
to encryption git scm security ... on 28 February 2016
« earlier | later » Page 2 of 11
tasty by Adam Sampson.