What Is Web Metadata Encryption and Why Is It Important?
Your data may be encrypted when you use HTTPS, but what about your metadata? I wrote about metadata and eavesdropping earlier this year – it is, among other things, the URLs of the websites you visit. If attackers can access this information, they can learn some potentially confidential information about you, and you are unlikely […]
WebAuthn: Toward the End of Passwords On the Web
Frequent readers of this blog will know that I am constantly looking for alternatives to passwords. Some reasons are: they can be shared, so a system cannot tell who the real user is; they can be forgotten; and when stored improperly, they can be leaked. Passwords fall into the single-factor category of “something you know” (the […]
How Are Fiber Optic Cables Used For (Physical) Intrusion Detection?
Many of us have fiber optic cable that delivers Internet access to our homes or offices. But optical fiber cable can be used for more than high-speed data transfer. I’m not talking about artwork or illumination, but rather an important security application: physical intrusion detection. Optical fiber types In order to understand how this works, […]
URL Homograph Attacks Can Deceive Anyone
“If it looks like a duck, and it quacks like a duck, it must be a duck!” Or so the famous saying goes. But that isn’t always true on the web or in print. Two symbols can look visually identical and be something completely different. By “different” I mean “be represented by different encodings”. That […]
Fraudsters Use Padlocks, Too: More on Certificate Use and Abuse
A couple of months ago I wrote here about HTTPS and website security from a user standpoint. I need to add to that because bad guys can also use the digital certificates that make browsers show green padlocks or avoid notices about unencrypted sites. The issue here is that the certificate that lets a site use […]