Is cloud security all about emotional marketing?

I still find it interesting that when I mention “hardware security” to someone, my “pitch” is over, done, finished. Like if no-one realized that every cloud needs physical servers to run on. Everything cloud is marketed as “secure”, but are we really in control of our data?

Continue reading Is cloud security all about emotional marketing?

KeyChest – FREE plan and track for 100% HTTPS uptime

We have been using Letsencrypt certificates for a year now. As it is free, we have been constantly increasing the number of services using it. I personally like the three months validity as it makes renewals a “business as usual” task, rather than incidents. But it doesn’t happen through magic.

Continue reading KeyChest – FREE plan and track for 100% HTTPS uptime

DEFCON web certificate expires – what’s going on?

I just wanted to check whether the Agenda has been updated … well, I guess it wasn’t. defcon.org uses HSTS so it’s pretty tricky to access the web even with a “red bar”.

Continue reading DEFCON web certificate expires – what’s going on?

Black Hat 2017 USA – OpenCrypto: Unchaining the JavaCard Ecosystem

We have been working with University College London (UCL) for a while and one of the results is an easy to use implementation of cryptographic functions for JavaCards. We will be briefing on this at Black Hat 2017 USA.

Continue reading Black Hat 2017 USA – OpenCrypto: Unchaining the JavaCard Ecosystem

WannaCry – A Stop of A Never-Ending Journey

Ok, everyone seems to be writing about it so here’s my take so far. A professional code of malware extended in a pretty silly way that somehow got into computers of companies. And hackers collected well below $100,000.

Continue reading WannaCry – A Stop of A Never-Ending Journey

Do you have screenshots of your crypto platform?

We basically gave up on going to startup events for now. I know It’s not good for marketing or when you look for equity investment. We just got tired of trying to explain what a “platform” is good for. Everyone expects a flashy demo or screenshot of your app.

Continue reading Do you have screenshots of your crypto platform?

Does Amazon Want To Control All Encryption Keys?

Public cloud providers have absolute control over our data, applications, everything we do on their cloud platform. Independent key management lowers users’ risk exposure and as such is in the interest of cloud providers. Well, Amazon AWS has different thoughts.

Continue reading Does Amazon Want To Control All Encryption Keys?

VPN for Companies – “Bring Your Own Device” Made Easy

We pushed hard to extend our Private Spaces and make them a great choice for companies to connect roaming users (and their own devices, while providing a high-level of security for BYOD policies).

Continue reading VPN for Companies – “Bring Your Own Device” Made Easy

Unbreakable Encryption with Secure Hardware and Geopolitics

From supercomputers to IoT – processors (or chips) are everywhere. Computer chips protecting our privacy and security would first travel the world to get designed, fabricated, and personalized. Even if we had an unbreakable encryption algorithm, it may be defeated by its manufacturing. Let’s exploit superpowers and their influence to create a practical unbreakable encryption.

Continue reading Unbreakable Encryption with Secure Hardware and Geopolitics

Think OpenVPN is easy? Think again as it’s worth it

We decided for OpenVPN to build secure connections to our Private Spaces. We braced for difficulties, but that was only the beginning. The point of this post is that integration testing does make a difference. And that OpenVPN is a very nice tool!

Continue reading Think OpenVPN is easy? Think again as it’s worth it