Security or convenience, pick one. Background: there is a difference between IDENTIFICATION and AUTHENTICATION. Identification is the equivalent of a userid. Userids are not secret. Authentication is the equivalent of a password. Passwords are secret. Many systems use biometrics like a face scan to BOTH identify a user and authenticate that it is really that […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
DEF CON is Canceled, No Really It is a meme. Every year there are announcements that DEF CON is canceled, but this year it is real. Sort of. DEF CON is the world’s largest hacking convention and has, for years, been held at Caesars in Las Vegas. You may remember that Caesars had an unfortunate […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
The feds are pushing pretty hard to get software makers to create and manage Software Bills of Materials or SBoMs. What the heck is an an SBoM anyway and why is it important. A very non-technical comparison would be the list of ingredients in packaged food. Let’s say you are allergic to some food, say […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
While basically unenforceable, the agreement is a starting point. The US, UK and 23 domestic and international cybersecurity organizations, representing more than a dozen countries, signed on to the Guidelines for Secure AI Development. The Guidelines, complementing theĀ U.S. Voluntary Commitments on Ensuring Safe, Secure, and Trustworthy AI, provide essential recommendations for AI system development and […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Post Quantum Crypto Isn’t The Only Problem – Pre Stone Age Crypto is Also a Problem While some folks are worried about what is going to happen to encryption when quantum computing becomes real, other companies are still using antique crypto. Unfortunately, many of the companies who are using antiques are medical devices and higher […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
The title comes from a folk song written by Pete Seeger in the 1950s, but apparently, software developers are not into folk music. In this case, security researchers are warning that developers are leaving security credentials in public repositories. They found these creds in repositories run by IBM, Digital Ocean, AWS, Gitlab, and others. The […]
Continue reading →
[DISPLAY_ACURAX_ICONS]