What is Zero-Trust?
The acute lockdown caused by Covid-19 has caused extraordinary changes in companies and for employees and, to put it mildly, significantly increased the importance ...
Read MoreSearch
The Importance of Trust Validation: Microsoft’s Dangerous Mistake
Vulnerability in VSIX signature validation Last year we discovered a vulnerability in the Visual Studio Extension (VSIX) installer, which comes with ...
Read MoreUnfulfilled Expectations: Revoked Certificates in JAR Signing
Oracle JarSigner does not check CRLs In April 2020 we became aware of a conceptual security issue in the Java JarSigner. The JarSigner does not check ...
Read MoreAnalysis of Crypto used by AppVeyor Secure Variables
We recently investigated AppVeyor’s “secure variables” (aka “Encrypt YAML”) feature. We wanted to understand the crypto and algorithms it uses (which is not documen ...
Read More