colossus

joined 1 year ago
colossus@infosec.pub 3 points 8 months ago* (last edited 8 months ago)

As someone who leads a major MDR and IR service, phishing was the root cause of about 7.5% of incidents last year. Exploits are #1 around 47% of incidents, followed by compromised credentials around 30% of incidents.

This only represents SME and Enterprise. Phishing likely could be #1 for individuals.

colossus@infosec.pub 2 points 1 year ago

Sounds like you’re proposing WebAuthn, which already exists. Keep in mind that there are attacks against RSA with PKCS1 padding. I’d use a more secure cryptographic primitive than RSA (i.e. elliptic curves) - there’s a reason cryptographic experts don’t look towards RSA these days.