
Tag: security

Some interesting FIDO Device "appeared"...

For starters, Happy New Year 2023! So recently I remembered that there was this pretty rad but kinda expensive password management device called the Mooltipass. After having read about their original and mini models, I was wondering if they are still around, and damn are they around... with a new model.

My1's Crazy Tech Ideas #02: TLSA-Staple

So there are already stapling options for OCSP responses and Certificate Transparency data (although I expect CT to be embedded in most certs by now rather than being stapled to the TLS response), so couldn't it be possible to also staple the entire TLSA path to a TLS response in order to maybe get an alternative to the absolutely crazy CA system?

Solo V2 Pre-Production First Impression

Today is the end of "claims" but rather a full-on as-is review. So as already announced on Twitter, I got my hands on a few things, and the first one that will get a more or less in-depth review is the Solokeys Solo V2. For transparency I should say though that I got my Solo V2 for free for testing and stuff, which doesn't change the fact that I am backing it on KS.

Webauthn's userVerification:preferred and its Pitfalls

Webauthn is a beauty. A relatively easy to implement way to allow users a secure 2-Factor experience. (Easy enough that I could re-create my Webauthn Sandbox after losing it in my migration, FUN!) Well, sarcasm aside, there are a few things I don't like with it, and one of them is the default state of the userVerification flag. For anyone who isn't all-aware in Webauthn and stuff: more modern Fido2 devices are generally capable of a feature called userVerification, in ...

My1's Crazy Tech Ideas #01: Integrity header for proxies

Hi everyone, it's me again (not as if there would be many other options). I rather often have some pretty crazy ideas and I kinda want to preserve them and also hear what the people think about them, and maybe someone picks them up if they are good. So let's start with the first idea of my set. Many people probably have heard of middleboxes or company proxies and other similar things which attempt to "legitimately" play a Man in the ...

Quick Rant: Hosters and Updates [Update]

Hi, it's me again. PHP 7.2 was released today and I went around to do a quick check of some webhosters to see who can offer it, and well, it is abysmal as always. We start off with the big German hoster Strato, which offers PHP 7.1, so far so normal, but they have a "newest version" label right next to it. Their excuse? Well, testing of course, but the even worse thing was the answer regarding the "newest version" label. PHP ...

Fun with Primeauth? Not really :-(

Hi again. Remember when I wrote about Primeauth, the pretty promising and interesting authentication service? Well, to be honest, my trust in them dropped a bit. What happened? Well, let's start from the beginning.