secure-links.org
FAQ - s-links
http://www.secure-links.org/faq
Is this an attempt to replace the CA system? No S-links are intended to make the web more secure within the current CA system. They would also remain useful (likely requiring support for new directives) even if CAs were eventually phased out in favor of some alternative system. How will introducers know what to include in s-links? This is up to introducers and not a part of the s-link specification, but introducers can learn pins through explicit signals like HPKP or TACK headers,. The current proposal c...
halkrisk.blogspot.com
Halkrisk: Säkerhet snubblande nära verkligheten: maj 2012
https://halkrisk.blogspot.com/2012_05_01_archive.html
Halkrisk: Säkerhet snubblande nära verkligheten. Torsdag 31 maj 2012. Säkerhetsråd till "vanliga användare". Det senaste dygnet har jag sett två social engineering attacker som båda använder sig av ett en webbadress faktiskt står på det stället man väntar sig, men att innehållet som sedan levereras kommer från angriparen. Det första, lite mindre nytt, är ett exempel på. Den andra är det Michal Zalewski som visar hur en användare. Allt det här går in i min kampanj Stop hogging the end user! Användare ska ...
cipherpal.com
About Cipherpal | cipherpal
https://cipherpal.com/blog/about-cipherpal
Cryptography and privacy in the modern world. 8220;It’s a real pleasure to see scientists, hackers, entrepreneurs, and activists all working hard on crypto, again. Like the good old days.” — @zooko. September 10, 2013. Who am I, and what is this blog about? If this works out well and I have the time, I may expand the scope to include more commentary, try to recruit other contributors for the site, and maybe even add a podcast. Why “Cipherpal”? In the 1990′s, the Cypherpunk movement. Sought to promote the...
alvarofe.github.io
Álvaro · Álvaro Felipe Melchor
http://alvarofe.github.io/page2
Today I am going to write up about how I resolved this crackme. The level of this crackme is easy so it should not be difficult for those with the minimum of knowledge about reversing. This crackme like the majority of them ask for a password that we have to extract it, to bypass the check and win the flag. The first task when we face against these challenges is to know the maximum about the binary. Basically the gather information phase. Statically linked, for. GNU/Linux 2.4.1, stripped. To 0 and then c...
moxie.org
Moxie Marlinspike >> Other Projects
https://www.moxie.org/projects.html
Stories of maniac sailors, anarchist castaways, and the voyage of the S/V Pestilence: a video zine three friends and I made about finding a derelict sailboat, fixing it up, and sailing from Florida to Haiti. Resources for the lowbagger sailor. A project for transcribing anarchist literature into audio format. Mobile security and privacy projects.
blog.rlove.org
Everything you Need to Know about HTTP Public Key Pinning (HPKP)
http://blog.rlove.org/2015/01/public-key-pinning-hpkp.html
Robert Love · Blog. Like it is 2006. Everything you Need to Know about HTTP Public Key Pinning (HPKP). January 20, 2015. Key pinning comprises the most practical hope for TLS security over the next few years, making targeted Certificate Authority-based attacks much riskier. While we wait for new systems built on top of key pinning. HTTP Public Key Pinning (HPKP). Allows website operators to perform opportunistic key pinning, today. Represented by a series of X.509 public key certificates. Website. In...
lorddoig.svbtle.com
Should we make a working group to kill X.509?
https://lorddoig.svbtle.com/should-we-make-a-working-group-to-kill-x509
Sean Doig is writing on the Svbtle. April 10, 2014. Should we make a working group to kill X.509? Tl;dr banter on HN isn’t enough, sign up here. To actually do something. So yesterday I wrote an article about the flawed security of X.509 which you can read here. When it was about 2/3 complete I showed it to my best mate and said. I hope it gets traction. An hour later it’s all over Hacker News. Something like 50,000 uniques, I’ve got strangers lurking in my LinkedIn. Do at this point to solve the issues ...