Cloud Security – FEDRAMP Standards

The US Federal Risk and Authorization Management Program (FedRAMP) is a "government-wide program that provides a standardized approach to security assessment authorization" for cloud service provider (CSP) solutions. As a Canadian, that standard gives us guidelines on how to build our own cloud solutions on native soil, but it also lets us take advantage of a lawful standard that commonly used providers, like Amazon, Google, and Microsoft, already adhere to.

Fingerprinting Apple Device Types by Sensors

The dark truth about fingerprinting hardware is that it can be used to specifically target particular weaknesses of mobile devices. Using the embedded magnetometer, gyroscope, and accelerometer, any web page can determine your device type by serving up some script. What this also means is that a mobile web site tab can pretty much follow you around town all day, even without GPS.

A New Apple Supply Chain Compromise #gatekeeper

Hackers are leaving no stone unturned when it comes to scouring systems and software for an attack vector. Usually, an adversary is looking for one-off anomalies at the low end of computer programming, the 1's and 0's: a buffer overflow, protocol fuzzing, some kind of byte-level trickery. Nothing so brazen as a supply chain attack. These attacks are swift, trusted, and often skipped during antivirus and malware scanning. Last week I read about a terrible new Apple supply chain compromise.

Two Easy and Effective Ways for Web Developers or Regular Folk to Secure Against Bot Probing.

I've found two easy ways to stop bots from signing up and infiltrating a freshly pressed web site. If you've got no advanced IP (Geo/blacklist) filtering or email address spam checking built into your web-app, you should at least be throttling or hindering bot efforts using the tooling you've got at hand - your web …