12 Matching Annotations
  1. Jan 2024
    1. 99% of businesses that fall below the enterprise poverty line.

      This SME-focused cybersecurity company called Huntress mentions an 'enterprise poverty line' for cybersecurity in their position offer. In the Mastodon message announcing it they call it 'the cybersecurity poverty line'. Meaning a Coasean floor [[Vloer en plafond van organiseren 20080307115436]] I assume?

  2. Mar 2023
  3. Jun 2021
  4. May 2021
  5. Mar 2021
    1. On the other hand, you might notice that this is a pretty goddamn low standard. In other words, in 2016 Android is still struggling to deploy encryption that achieves (lock screen) security that Apple figured out six years ago. And they’re not even getting it right. That doesn’t bode well for the long term security of Android users.

      Compare Android (full-disk) vs Apple (file-based) encryption strategies.

  6. Apr 2020
    1. Without same-origin policy, that hacker website could make authenticated malicious AJAX calls to https://examplebank.com/api to POST /withdraw even though the hacker website doesn’t have direct access to the bank’s cookies.

      Cross-domain vulnerability

  7. Oct 2016
    1. Google revealed Wednesday it had been released from an FBI gag order that came with a secret demand for its customers’ personal information.
    2. Cryptography experts overwhelmingly agree that backdoors inevitably undermine the security of strong encryption, making the two essentially incompatible.
  8. Aug 2016
    1. for people to live in a society that is free and fair, they need both access to information and the ability to communicate freely
  9. Nov 2014
    1. This criterion requires that an independent security review has been performed within the 12 months prior to evaluation. This review must cover both the design and the implementation of the app and must be performed by a named auditing party that is independent of the tool's main development team. Audits by an independent security team within a large organization are sufficient. Recognizing that unpublished audits can be valuable, we do not require that the results of the audit have been made public, only that a named party is willing to verify that the audit took place.