The Dropped Washer Effect
kenivanov.com, April 2023
In this paper we discuss a class of production/manufacturing failures that can create subtle, hard-to-trace flaws in the product, present a significant risk to the product users, and can occur despite reasonable quality assurance efforts undertaken by the manufacturing team.
Antivirus 2017: Security with a hint of surveillance
(IN)SECURE Magazine, issue 53, March 2017
It appears that Kaspersky Antivirus uses controversial techniques to get access to information received and sent by the computer user over protected communication channels, such as HTTPS and TLS. The article aims to explain why this is bad even if there is no actual wiretapping involved. This article was published in March 2017, half a year before the NSA accused Kaspersky of using its antivirus for spying on its contractors.
Autonomous collision attack on OCSP services
arXiv.org, September 2016
OCSP, a protocol heavily relied upon by PKI trust environments, is subject to two important design flaws which significantly reduce its security capabilities and can be exploited by a malicious third party to produce forged certificate statuses or, in the worst-case scenario, forged certificates.
Share with the world: who reads my data in the cloud?
(IN)SECURE Magazine, issue 41, February 2014
The publication unveils the risks arising from storing data in the cloud and discusses technical measures that could help mitigate some of them. Encryption at rest through the use of client-side encryption is one of the options.