IoT Security Anti-Patterns

Published on by Junade Ali.

From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet connected API. Internet-of-Things technologies inherit many attack vectors that appear

Introducing TLS with Client Authentication

Published on by Dani Grant.

In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication, meaning that the server additionally authenticates that the client connecting to it is authorized to connect. TLS

AES-CBC is going the way of the dodo

Published on by Vlad Krasnov.

A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode. Today we can safely confirm that this prediction is coming true, as for the first time ever the share of AES-CBC cipher