Hacking Team: a zero-day market case study

"This article documents Hacking Team's third-party acquisition of zero-day (0day) vulnerabilities and exploits. The recent compromise of Hacking Team's email archive offers one of the first public case studies of the market for 0days."

to economics exploit security ... on 15 September 2016

Peter Gutmann's Home Page

"My research interests cover the design and analysis of security systems and security usability, including the application of concepts from cognitive psychology to understanding how users interact with security systems, and whatever else happens to catch my interest." Denizen of a variety of security/crypto mailing lists; lots of interesting stuff to read.

to crypto security systems usability usable-security ... on 15 September 2016

WireGuard: fast, modern, secure VPN tunnel

VPN protocol based on Noise and straightforward public/private key mappings -- I rather like this design.

to crypto networking noise security vpn ... on 15 September 2016

Checked C - Microsoft Research

C with bounds checking. Very C++-ish; I was hoping they'd done something smarter.

to bounds-checking c language-design safety security ... on 28 August 2016

Why Smart Contracts Fail: Undiscovered bugs and what we can do about them – Medium

Turns out that if you build a digital cash system where people can write code to specify behaviour, then that code has bugs in it. Who'd have thought it?

to blockchain bugs ethereum security static-analysis ... on 28 August 2016

Teaching cybersecurity to criminologists – Bentham's Gaze

Not unlike our DADA module.

to elective security teaching ... on 21 June 2016

Embedded in Academia : Multi-Version Execution Defeats a Compiler-Bug-Based Backdoor

Using varan, a tool that compares execution traces of programs built in different ways, to detect a compiler fault. Neat!

to compiler debugging security varan ... on 28 February 2016

Git as an Encrypted Distributed Version Control System

"This thesis develops and presents a secure Git implementation, Git Virtual Vault (GV2), for users of Git to work on sensitive projects with repositories located in unsecure distributed environments, such as in cloud computing. This scenario is common within the Department of Defense, as much work is of a sensitive nature."

to encryption git scm security ... on 28 February 2016

What's worked in computer science

Looking back at Lampson's conclusions.

to cs history research risc security strategy ... on 28 February 2016

Open Rights Group - Responding to "Nothing to hide, Nothing to fear"

A fairly short article with a number of excellent examples.

to el0805 org privacy security ... on 28 February 2016
