Jan Wildeboer’s thread on setting up a cooperative CA inspired me to finally write down (and then forget about them again for over a week) my thoughts on a related topic: Email encryption.
With PGP and S/MIME, we already have two mature solutions for sending encrypted emails that have been around for decades. And while there are a few issues here and there, we can essentially consider the problem solved. If it wasn’t for the UX…
Read moreWith the rise of LLMs and their need for vast amounts of training data, there is also a need for a way to indicate whether data may be used to train such models. This article proposes two ways for websites to opt-out from being crawled for training purposes.
This is done while being fully aware of the limitations of relying on the developers of AI models to respect this convention. Server-side blocks could archive this goal more effectively, but they also rely on the convention of bots identifying themselves by a user-agent, and it is increasingly difficult to maintain a comprehensive list of user-agents used to crawl training data. Establishing a voluntary self-commitment can at least provide a convenient way of dealing with good-faith actors, while at the same time providing a way of identifying bad-faith actors.
Read more
If you remember kobold letters, you already know not to blindly trust emails. But it’s not just HTML emails that can be deceiving. In this article, we’ll take a look at S/MIME and how we can use the concept of invisible salamanders to craft messages that tell each recipient a different story. Let’s talk about Salamander/MIME.
Read more on lutrasecurity.com
Anyone who has had to deal with HTML emails on a technical level has probably reached the point where they wanted to quit their job or just set fire to all the mail clients due to their inconsistent implementations. But HTML emails are not just a source of frustration, they can also be a serious security risk.
Read more on lutrasecurity.com
Since NIST updated its password recommendations in 2017, a lot has changed. Although there are still plenty of applications that rely on the old-fashioned complexity-based rules (lower case, upper case, numbers, special characters… you know the drill), a lot has improved.
Read more on lutrasecurity.comWhen I got rid of my previous Django-based website and switched to Hugo, the idea was to have a low-maintenance website. I didn’t have much time and all the content was quite old. However, I always had the idea of bringing back some of the old content and even adding new articles at some point.
In the last few months I’ve been writing articles for Lutra Security and perhaps it’s time to revive this site as well. But before I really get to it, this site needs a few more features. Articles are not an end in themselves. Ideally a good article should make you think and maybe even start a discussion. For this, we need an option to comment on articles.
Read more
If we reinvent the wheel, it’s safe to say that initially it probably won’t run as smoothly as the one that’s been around for more than 6,000 years. So if all you need is a wheel and you’re not trying to sell a new wheel, it’s a good idea to stick with the existing design. The same goes for software. If you just need a functionality, the best solution is usually to use something that already exists, a library that has already implemented it.
Read more on lutrasecurity.com