Snce 2016, NIST has been assessing light-weight encryption methods, and, in 2022, NIST published the final 10: ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak (Table 1). …

Why can’t data in the public cloud be even more secure than an on-premise solution? — Keeping Your Secrets To Yourself — Introduction Increasingly we see an encryption tick-box for data storage in the Cloud. S3 buckets, RDS, DynamoDB and EBS are just four storage services that can be enabled for encryption. With this, we either use the AWS-generated key or the customer-generated in the KMS (Key Management Store). The KMS stores the…

There’s a feeling that on-premise Cloud based systems are always more secure. This is just not the case, and where a data infrastructure running in a public cloud environment can be even more secure. Why? Well, few companies properly run data encryption and strong access control on their on-premise systems…

A vulnerability - tracked as CVE-2021–21974 — on the OpenSLP service is being used to attack unpatched VMWare ESXi servers. At the current time there are hundreds of servers affect, and where France seems to be particularly badly affected. If you use Shodan, then try ‘html:”We hacked your company successfully”…

Well, that was a strange three years. The last major hands-on demonstration I gave at a live event was at 9 Nov 2019 [here]:

Wouldn’t it be annoying if you did a calculation on your calculator and got a certain answer, and then someone with a different calculator go a different answer? Well, that’s what has happened with OpenSSL. So with OpenSSL, you can’t live with it, and you can’t live without it. For…

This week NIST published a new update to its FIPS 186 standard with Version 5, and officially adopted the EdDSA signature in the world of DSS (Digital Sigure Standard) [here]:

In you are into cybersecurity, what standards should you be audited to? Well, the US government defines a number of standards that many companies comply with, and one of the strongest is FIPS (Federal Information Processing Standard) 140. This standard defines a number of levels that define the security level…

In 2022, Foudil and Shafranovich published [here]: