API security from REDHAT

Use tokens. Establish trusted identities and then control access to services and resources by using tokens assigned to those identities. Use encryption and signatures. Encrypt your data using a method like TLS (see above). Require signatures to ensure that the right users are decrypting and modifying your data, and no one else. Identify vulnerabilities. Keep up with […]

Snowden & Metadata + “”””””

Here are some random key quotes from Snowden’s new book that are of particular interest. On metadata: metadata is data about data ….. …communication(s) is rarely as revealing as its other elements—the unwritten, unspoken information that can expose the broader context and patterns of behaviour. He means to say the real evil of the […]

RISK

This week's musings….. Risk is a factor in absolutely every decision we make. Ultimately, in a business scenario, I feel it's the company ethos, the company culture, that has a bigger impact than a mandate from management when considering IT risk. The majority of companies now absolutely depend on their systems. A large fractured struggling company […]

Attack Ideas

As part of our Information Security week we were asked to create a potential social engineering attack plan. Here’s mine based upon a researched template. What do you think?? ………………………. “WORDPRESS ECOSYSTEM HACK” The WordPress ecosystem is known to have security vulnerabilities (Link: https://www.freecodecamp.org/news/wordpress-vulnerabilities-you-need-to-know-about-and-how-to-fix-them-497a2d8b2c3e/), mainly due to users not updating to the latest version of […]

*panopticon

https://twitter.com/naval/status/1174909057720668160 Naval coincidentally tweeted about the very topic that has now taken over my focus as we began researching and writing about information security at uni this week. I’ve been diving deep on Snowden lately (blog link), all with the angle of – is he paranoid or simply not naive? https://twitter.com/smussenden/status/1174840444028706816 So are the security […]