The Pentester’s Guide to Finding CBC Bit Flipping Vulnerabilities
If you spend enough time poking at web applications, you’ll eventually run into a target that handles session management poorly. You’ll intercept a re…
Testing & QA
⚑ Report a ProblemLatest Testing & QA news from Tech News
All topics
agents
ai
api
architecture
automation
aws
beginners
career
claude
cybersecurity
database
devchallenge
devops
discuss
javascript
llm
machinelearning
mcp
opensource
performance
productivity
programming
python
security
showdev
softwareengineering
testing
tutorial
typescript
webdev
Signing your random numbers is theater. Here's what actually makes randomness trustworthy.
Three of my autonomous agents needed to pick a leader. Each one called random.random() , highest number wins. All three reported they won. Obviously. …
UVS: a draw's fairness as a fact you can recompute — not a certificate you trust
I've built casino slot machines and gaming systems for 15 years. I mostly stayed away from compliance, but once I had to write the official algorithm …
Encrypted Spaces
Fun stuff from Signal devs + edu+MS researchers: E2EE collaborative/social apps using zero-knowledge proofs and other crypto goodness. Servers provide…
rscrypto v0.4.0: Verifying Constant-Time Behavior Instead of Assuming It
Every cryptography library says it's secure and performant. Very few can explain how that security is validated and how that performance is proven aft…
Announcing the Trust Identity Protocol (TIP): HTTPS for the AI Era
Announcing the Trust Identity Protocol (TIP): HTTPS for the AI Era TL;DR. The Trust Identity Protocol (TIP) is a free, open, post-quantum-secure, pate…
Post-quantum cryptography for embedded and IoT: secure boot, TLS and OTA
Post-quantum cryptography is no longer just a research topic. It is starting to affect the way embedded teams design TLS, secure boot, OTA, firmware s…
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers
Digital Signatures: The “Trust Me Bro” Detector for Junior Cybersecurity Engineers Subtitle: How digital signatures help prove who signed something, w…
EU Chat Control: What Client-Side Scanning Actually Means for Encryption
The EU's proposed Chat Control regulation would require messaging providers to scan your messages for illegal content before encryption, on your devic…
Why Strict "Zero Trust" Breaks Secret Management (And How We Built a Zero-Persistence Vault Instead)
This is a technical deep dive into the cryptography behind Ennote's enterprise architecture. You can read the original full-length post on our enginee…
Matrix: The Open Protocol for Federated Encrypted Messaging
Signal works well when everyone involved trusts the same company. Matrix is built for the case where they don't — where organizations want to run thei…
Building an Experimental TypeScript Cipher Inspired by 8 Dimensions
Over the last few days, I started an experimental study on cryptography with the goal of better understanding concepts such as symmetric encryption , …
Supply Chain Attacks: When Your Privacy Tool Gets Compromised
On March 29, 2024, Andres Freund — a Microsoft engineer and PostgreSQL contributor — noticed something odd while investigating unexplained CPU usage i…