TLS is the fundamental protocol facilitating secure web browsing. Simply speaking it identifies the server identity and establishes an encrypted connection. That’s how we may securely use banking, do shopping, and do other things we take for granted. Establishing such a connection comes with a performance footprint because computation Read More
This April, cryptography and security community have been stirred by a new research from Yilei Chen. If the claimed result held it could potentially impact the security of applied cryptography, especially in the era of quantum computing. This work was very difficult to immediately understand due to its complexity. But Read More
A Russian zero-day exploit purchase site is interested in tools for hacking of Electric Vehicle Charging Stations. This raises a number of questions. Why would anybody want to hack such targets? Also, why would Russian entities (in particular) be interested in such targets? The best answer to these is “good Read More
As privacy engineering is getting more and more mature as a field in some settings experts are creating a "privacy checklist" of things to have. It's useful in design, development, and deployment, but also audits. Many useful things could be added to such a list. Of Read More
The Council of the European Union is a group of representatives of 27 EU governments. The institution continues to investigate the challenges caused by encryption technology. Someone in there recently coined a new policy term “security through encryption and security despite encryption” (in this document). What does it mean? The Read More
Unsecured ways of web browsing are fading away at accelerating pace. Technically this is done thanks to the increased deployment of HTTPS on the of web. Data indicates that above 70% of websites are now accessed via this secured protocol, those numbers quickly increasing. This is an important milestone in Read More
Websites routinely include third-party hosted resources - images, scripts, stylesheets and so on. It's now a standard practice. One thing to keep in mind is that if your website includes a JavaScript script from another site (example.org): <script src=“https://example.org/CoolLib.js"> Read More
Do you know when Apple Messages send end-to-end encrypted messages? This note might look unusual but it was sparked by continuous questions I receive about communication confidentiality. If you’re well-versed in security and privacy technology - feel free to skip, most likely you won’t find much things of Read More
NIST has published new guidelines relating to security and privacy (I noted recent NIST’s involvement in privacy engineering here). As many of their documents, new guidelines will be influential for security and privacy engineering. Though they’re focused on Digital Identity, the reach will be much broader. I paid Read More
Update (April 2019) It was brought to my attention that Brennan center has used some of the research described in the article to fill an amicus curiae (legal opinion to the appeal court) in a case touching election protection from disinformation operations and political advertisement transparency. The rest of the Read More
It was never my intention to have a "blog". Then, as I have found myself increasingly interested in, and doing more and more things, I indentified a need to have a place for writing. It is not a good idea to put my thoughts on my site; I Read More