Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org):
technically speaking you’re relying on the security level of the script provider’s server example.org. In case example.org would start serving malicious content, your site including this content might …
Read more
Do you know when Apple Messages send end-to-end encrypted messages?
This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of…
Read more
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader.
I paid…
Read more
It was never my intention to have a "blog".
Then, as I have found myself increasingly interested in, and doing more and more things, I indentified a need to have a place for writing. It is not a good idea to put my thoughts on my site; I prefer to…
Read more