Real world
Who controls the internet? And should they?
It's not just governments who want to control the internet. But who else? Get the answer in a post by Bert Hubert. Explore the most tightly controlled parts of the internet in the world, and try not to be upset by the conclusions at the end of the article.
Secure Architecture
How do one-time passwords work?
One-time passwords, or one-time PINs (OTP), are often used as a second factor when multi-factor authentication is enabled. They are computed with HMAC over a counter, followed by a dynamic truncation of the digest to a few decimal digits.
RFC 4226 was published in December 2005, but if you are not in the mood to read it, check this short article that explains how HOTPs work.
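As an added example (not code from the article or the RFC itself), here is the HOTP computation written out end to end: HMAC-SHA-1 over the 8-byte big-endian counter, the dynamic truncation step, and the modulo reduction, plus the server-side look-ahead check the RFC describes. The demo secret is the ASCII string the RFC uses for its test vectors; the function names and the window size of 5 are my own choices.

```python
"""HOTP (RFC 4226) from scratch: HMAC-SHA-1 over the counter,
then dynamic truncation, then reduction modulo 10**digits."""
import hashlib
import hmac
import struct
from typing import Optional

# Constructed demo secret: the ASCII string used for the RFC 4226 test vectors.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Return the HOTP value for `secret` and an 8-byte big-endian `counter`."""
    if not 6 <= digits <= 8:
        raise ValueError("RFC 4226 permits 6 to 8 digits")
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()  # 20 bytes
    # Dynamic truncation: the low 4 bits of the last byte choose a
    # 4-byte window somewhere in the digest (offset 0..15).
    offset = digest[-1] & 0x0F
    window = digest[offset:offset + 4]
    # Clear the top bit so the result is the same on signed and unsigned platforms.
    code = struct.unpack(">I", window)[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, last_counter: int, candidate: str,
                window: int = 5, digits: int = 6) -> Optional[int]:
    """Server-side check with a look-ahead window (RFC 4226, section 7.2).

    Only counters strictly after `last_counter` are tried, so a code that was
    already accepted cannot be replayed. Returns the counter that matched (the
    caller must persist it as the new `last_counter`), or None on no match.
    The comparison is constant-time to avoid leaking which digits matched.
    """
    for c in range(last_counter + 1, last_counter + 1 + window):
        if hmac.compare_digest(hotp(secret, c, digits), candidate):
            return c
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(DEMO_SECRET, c))  # first three RFC 4226 test vectors
```

Run it and compare the output with Appendix D of RFC 4226 (counter 0 gives 755224). The look-ahead window lets a token that was pressed a few times without being submitted resynchronise, but it also widens the guessing surface, which is why the RFC pairs it with a throttling counter on failed attempts.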
Cryptography
One-Time Programs
And now, what about mailing “encrypted, secure, and unhackable” software to someone who can run it only once, on any untrusted computer, using input that the executing party provides?
These are, literally, One-Time Programs. They were first proposed by Goldwasser, Kalai, and Rothblum (GKR) at CRYPTO 2008. To learn the current state of OTPs, and maybe build your own, dig into the paper by Matthew Green from Johns Hopkins University and his fellow researchers.
SSDLC
How to build software like an SRE
Highly recommended reading. These tips, earned by experience, can expand your understanding of how less (but smarter) “reliability” effort can enable developers to build software faster.
Vulnerabilities
Inserting a backdoor into a Machine-Learning system
Inspecting the training data, the model, and the integrity of the training procedure can protect against backdoors in ML systems. But detecting a backdoor at the stage where it is inserted, and removing it anywhere else, is still challenging. Have a look at several examples.
P.S.
Reminds me of a recent Uber incident :)
When building a threat model, remember that sensitive data should also be protected from developers, DBAs and BI teams.
If you are looking for a tool to protect data, do not hesitate to use Acra 😇
Have a nice weekend and see you in two weeks!