Mexico will require new cell phone users to provide biometric data to the government

Mexico will require new cell phone users to provide biometric data to the government

In addition, it will contain the biometric data of the user, or, where appropriate, of the legal representative of the business registering the cell phone; the user’s address; the data of the telecommunications company, or where appropriate, of the authorized ones; and the contact information for the mobile phone line, either postpaid or prepaid.

I2PChat - Instant Messenger

I2PChat - Instant Messenger

July, 2020 Set ECIES and ED25519 as default sigtype/encryption Add support for optional web page to display user profile at .b32 address Remove insecure DSA_SHA1 from Signature Types Add ECIES (Ratchet) encryption type to new profiles (UI option coming soon!)

Faking an email sender makes a scam email appear legitimate. Since the corona pandemic scammers increasingly fake emails from the WHO.

Faking an email sender makes a scam email appear legitimate. Since the corona pandemic scammers increasingly fake emails from the WHO.

Strict DKIM/DMARC policies in federated organizations might also lead to legitimate emails failing DKIM/DMARC checks and ending up in spam folders.To protect our users from faked emails coming from outside: We have just revamped our DMARC and DKIM checking to be more secure against forgery.

How we built a GDPR compliant website analytics platform without using cookies

How we built a GDPR compliant website analytics platform without using cookies

Remember, the user signature is completely anonymous, and no there’s only ever 1 page view tied to it The hashes we generate are impossible for us to “de-hash” (we’ll explain later in this post).

The Pentagon has a laser that can identify people from a distance—by their heartbeat

The Pentagon has a laser that can identify people from a distance—by their heartbeat

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser.

Untochat

Untochat

NOTE: If you do not have PGP/GPG software, you can verify the Untochat installation ISO-image by comparing SHA1 and SHA256 hashes, but be warned: DOING SO COULD BE LESS SECURE!

IOS App Trackers Are Collecting Your Personal Data

IOS App Trackers Are Collecting Your Personal Data

New revelations show that iOS apps gather massive amounts of personal data from unsuspecting users, highlighting the need for blockchain solutions to data privacy. Even without saving an entire file on the blockchain, the iOS/Android user can rest assured that the information has not been tampered with.

Remote Code Execution on most Dell computers

Remote Code Execution on most Dell computers

To bypass the Referer/Origin check, we have a few options: Find a Cross Site Scripting vulnerability in any of Dell’s websites (I should only have to find one on the sites designated for SupportAssist) Find a Subdomain Takeover vulnerability Make the request from a local program Generate a random subdomain name and use an external machine to DNS Hijack the victim.

NIST Round 2 and Post-Quantum Cryptography – The New Digital Signature Algorithms

NIST Round 2 and Post-Quantum Cryptography – The New Digital Signature Algorithms

While this algorithm is efficient and fast, there have been recent improvements in attacks (PDF Warning) against the signature scheme GeMSS is based on that suggest that there may be problems that could surface with more research.

Verifying Software Signatures

Verifying Software Signatures

[3] In this instance, "other authentication systems" refers to: [4] Checking Digital Fingerprints of Signed Software [ edit ] Once a user has carefully: Then the file(s) signatures must be verified against the signing key.

Minisign by Frank Denis

Minisign by Frank Denis

Combined with -G, overwrite a previous key pair -v display version number Trusted comments Signature files include an untrusted comment line that can be freely modified, even after signature creation.

Trust Models for Secure Network Connections

Trust Models for Secure Network Connections

by Andrii Fedotov · by Security Zone · Like (1) Comment ( ) Save Tweet {{ articles[0].views | formatCount}} Views Join the DZone community and get the full member experience.

Dropbox buys HelloSign – a lucrative and strategic move

Dropbox buys HelloSign – a lucrative and strategic move

Perhaps DocuSign will survive as a provider to the enterprise market, serving organizations that want to wrap an e-signature service into their own custom workflow automation. Therefore the second element of value for Dropbox coming out of this acquisition is the workflow automation platform that HelloSign brings with it.

How to Sign and Verify a Document or File using PGP

How to Sign and Verify a Document or File using PGP

To verify a document that has been signed with PGP, run this in the command line: gpg --output document.pdf --decrypt document.sig This will output the decrypted “document.pdf” into C:\Users\YourPCName if you have the person who signed the document’s public key.

The Case For Blind Key Rotation

The Case For Blind Key Rotation

The fediverse has settled on using not one but two types of cryptographic signature: Signatures and Deniability When we refer to deniability, what we're talking about is forensic deniability, or put simply the ability to plausibly argue in a court or tribunal that you did not sign a given object.