Blog archive

2018

27 Nov 2018

Hiring External Security Team: What You Need to Know

Contrary to popular opinion, security consulting is not limited to pentests and compliance audits. In this article, we’ve outlined the 4 main security-related business risks and charted out the way to help you choose the consulting type that best suits your business.

consulting DGAP GDPR

Read more...


22 Nov 2018

How to Implement Tracing in a Modern Distributed Application

A battle-tested explanation of why tracing is a very useful technique you can benefit from in your projects. A story from the trenches of implementing distributed tracing in our Acra data security suite.

howto development tracing Acra DevOps

Read more...


15 Nov 2018

What Do We Really Need to Encrypt. Cheatsheet

What data is sensitive and needs to be encrypted according to the modern data privacy regulations like GDPR, HIPAA, FFIEC, etc.? This is a cheat sheet and an explanation of how we approach answering these questions.

applied security howto database security GDPR

Read more...


9 Nov 2018

ACRA 0.84.0 NEW HORIZONS

The release of Acra version 0.84.0 marks the new frontier for the data security suite.

products releases Acra documentation

Read more...


28 Sep 2018

ACRA 0.83.0 RELEASE

Key rotation made easy — if a client application is compromised, the new AcraRotate utility lets you update storage keys and re-encrypt the data. SQL filtering got more flexible with 6 new patterns (including SUBQUERY and LIST_OF_VALUES), allowing you to specify accepted queries very precisely and block malicious requests. Read the full post for more details on how Acra 0.83.0 helps protect your databases.

products releases Acra documentation

Read more...


20 Sep 2018

GDPR for Engineers: Implementing Rights and Security Demands

Mapping data privacy regulation to changes in database structure, updates in DevOps practices, backups, and restricted processing. A methodical developer’s perspective.

applied security database security GDPR

Read more...


16 Aug 2018

Poison Records in Acra – Database Honeypots for Intrusion Detection

How we detect massive data leaks and firewall exfiltration in Acra.

applied security database security Acra intrusion detection

Read more...


14 Aug 2018

ACRA 0.82.0 IS OUT!

Introducing AcraTranslator — store AcraStructs wherever it is convenient now. Plus we've added pattern matching for SQL filtering in AcraCensor and a number of other improvements.

products releases Acra documentation

Read more...


13 Jul 2018

Social Events of Spring-Summer 2018 for Cossack Labs

An overview of the conferences and meetups in which the Cossack Labs team participated recently. Also, the first-ever post on our blog containing emoji.

social events

Read more...


6 Jul 2018

MEET ACRA 0.81.0

This release brings better prevention of SQL injections with the new AcraCensor, better handling of real-life SQL queries (including prepared statements and complex JOINs), and a lot of improvements in other key areas of Acra.

products releases Acra

Read more...


31 May 2018

ACRA 0.80.0 IS HERE

We couldn’t wait till summer so the new slick version of Acra is here. Better, cooler, with improved usability and all renamed.

products postgresql Acra releases

Read more...


29 May 2018

Reducing Docker Image Size for Acra

We tried out and described a few approaches to reducing the size of Docker images for the components of our database encryption suite Acra. As a result, we found a way to reduce the container size by roughly 62 times.

howto Docker development Acra

Read more...


13 Apr 2018

ACRA 0.77.0 RELEASE

Acra 0.77.0 is here! We’ve added integration with MySQL databases and made Acra even more useful by adding a firewall for SQL requests, a web configuration utility, and a huge selection of Docker compose files you can easily try Acra with.

products postgresql Acra releases

Read more...


9 Apr 2018

Moving to OpenSSL 1.1.0 — How We Did It

Going through breaking changes and avoiding pitfalls in the process of moving from OpenSSL 1.0.2 to OpenSSL 1.1.0.

Themis cryptography OpenSSL

Read more...


12 Mar 2018

ACRA 0.76 IS OUT NOW!

After a year in testing by early adopters, we’re starting to push new features into the open-source version of Acra.

products postgresql Acra releases

Read more...


6 Feb 2018

Releasing Themis 0.10.0

Meet the perfect ten! A sleek update with breaking changes and major improvements.

Themis products releases

Read more...

2017

29 Dec 2017

2017 at Cossack Labs

Looking back at the accomplishments of the year.

holidays social events

Read more...


25 Dec 2017

Happy Holidays from Cossack Labs!

holidays social events

Read more...


14 Dec 2017

Themis 0.9.6 release

Rolling out the brand new shiny Themis 0.9.6! OpenSSL 1.1 is now supported.

Themis products Python iOS Ruby Android releases PHP Go

Read more...


13 Dec 2017

Introducing Hermes

Today is the release day for a proof of concept version of Hermes — a framework for cryptographically assured access control and data security Hermes-core 0.5.1.

Hermes end-to-end encryption products cryptography releases

Read more...


23 Nov 2017

Auditable Macros in C Code

Turning macros into auditable C code in a highly parameterised cross-platform cryptographic library Themis with a help of preprocessor customization.

Themis development cryptography

Read more...


21 Sep 2017

Replacing OpenSSL with Libsodium

The second article in a series of three that covers our experiments with different sources of crypto primitives for Themis. This time we tested its multi-platform capabilities with Libsodium.

cryptography OpenSSL Libsodium

Read more...


15 Sep 2017

Themis 0.9.5 release

Themis 0.9.5 is here! Improved compatibility, small fixes, nice extras, and pre-built binaries from package server for your convenience.

Themis products Python iOS Ruby Android releases PHP Go

Read more...


11 Jul 2017

Replacing OpenSSL with BoringSSL in a Complex Multi-Platform Layout

To provide better multi-platform support in Themis, we've built a multi-donor abstraction layer for cryptographic primitives, called Soter. This is the first article in a series of three that will cover our experiments with different sources of crypto primitives, this time with BoringSSL.

Android cryptography LibreSSL OpenSSL BoringSSL

Read more...


8 Mar 2017

Presenting Acra

Today we're revealing Acra: a database security suite, built to provide selective encryption and intrusion prevention for modern microservice-rich products and web apps.

products releases Acra

Read more...


6 Mar 2017

Importing with ctypes in Python: fighting overflows

The best cases of boring technical debt are understood when reflected upon properly. This post addresses a simple one: inelegant flags in the core C library ended up breaking Python tests. This is no small matter to us: breaking tests can sometimes leave things seeming to work while not really working. Not something you can afford when you're doing cryptography, is it?

Themis development Python

Read more...


28 Feb 2017

Plugging leaks in Go memory management

Investigating memory leaks can be fun, sometimes. Sometimes it might even teach you a few lessons in how the language you know and like actually works.

development Go Acra

Read more...

2016

30 Dec 2016

This year at Cossack Labs

The bright and eventful year 2016 has quietly come to an end. Sharing the summary of our work!

Read more...


21 Dec 2016

Themis database modules

In an ongoing effort to make Themis functions available anywhere we (and potential users) might need them, we're starting to release Themis wrappers for popular databases. This post outlines the first two: for Redis and PostgreSQL databases.

Themis redis postgresql database security releases

Read more...


13 Dec 2016

12 and 1 ideas on how to enhance backend data security

Previously, we’ve talked about classic design patterns in backend data security, then about key management goals and techniques. In the last article, we will discuss how modern approaches differ and shed light on our solutions.

applied security backend security series database security

Read more...


23 Nov 2016

Themis 0.9.4 release

Glad to announce Themis 0.9.4! Minor changes for stable new version.

Themis products Python iOS Ruby Android releases PHP Go

Read more...


26 Oct 2016

Why making Internet safe is everyone’s responsibility

... neither security vendors, nor governments, nor big corporations can fix the current state of things alone. It's everybody's duty, and the earlier we understand it, the better.

applied security Web

Read more...


21 Sep 2016

Backend data security: Key management 101

The second article in the series, Key Management 101 talks about basic key management concepts, goals, and methods to achieve them.

backend security series applied security howto cryptography database security

Read more...


15 Aug 2016

Classic backend security design patterns

In the upcoming series of articles, we'll ascend from classic database security techniques to the modern technologies, including some cutting edge research data and our own experiments.

applied security howto backend security series database security

Read more...


27 Jul 2016

Zero Knowledge Protocols without magic

In this post, we talk about Zero-Knowledge Proofs, tie ZKP authentication to traditional security models, and help you better understand how authentication, in general, should work.

Themis cryptography Secure Comparator zkp

Read more...


20 Jul 2016

Perimeter security: avoiding disappointment, shame and despair

Lighter reading: general thoughts on how the familiar mindset of 'protect the perimeter' changed over time.

applied security database security

Read more...


26 May 2016

Introducing Themis 0.9.3

Themis 0.9.3 released: new wrappers for Go, NodeJS, C++, Google Chrome and much more.

Themis products Python iOS Ruby Android releases Go

Read more...


23 May 2016

Choose your Android crypto (Infographic)

This blog post features an infographic on how to choose cryptographic frameworks when developing Android apps and adds a few notes about Native/Java crypto.

Themis cryptography infographic applied security howto Android development

Read more...


21 Apr 2016

Building Sesto, in-browser password manager

Sesto is one of the PoC tools we've developed while working on WebThemis, the cryptographically sane front-end framework for Google Chrome. Sesto enables web users to store any secrets (for example, login credentials) on the server and use them from any computer that has Google Chrome installed.

Themis PNaCl cryptography Python Web

Read more...


7 Apr 2016

Benchmarking Secure Comparator

This post summarizes our experiences of testing Secure Comparator as an authentication mechanism for HTTP.

While we were planning, designing, and implementing Comparator, the real infrastructure in which it has to function (letting Toughbase instances without shared trust exchange records and request personal data safely) was very far from being ready, but we wanted to understand how good it was for some practical applications. So we chose the obvious: seeing how SC could work as an HTTP authentication mechanism.

Themis development cryptography Secure Comparator

Read more...


30 Mar 2016

Crypto in iOS: Choose your destiny (Infographic)

This blog post features an infographic on how to choose crypto when developing iOS apps. It's always useful to put tool choice in the context of causes (goals) and effects. This is what we've tried to do in this post.

Themis cryptography infographic iOS applied security howto development

Read more...


17 Mar 2016

Building secure end-to-end webchat with Themis

While doing some protocol design for front-end clients with WebThemis services, we wanted to try it in real-world situations first: how easily could we deploy complicated cryptographic behavior into web apps? Turns out, quite easily. This post describes one such web app, designed to illustrate some zero-server-trust design patterns we're using in other developments.

Themis cryptography Python howto end-to-end encryption development PNaCl Web

Read more...


14 Mar 2016

Building LibreSSL for PNaCl

As we are still using LibreSSL as a donor for some of the cryptographic primitives, with every new architecture we have to make sure that LibreSSL compiles well. This post describes our challenges with PNaCl.

Themis PNaCl cryptography LibreSSL OpenSSL howto

Read more...


9 Mar 2016

Introducing Themis Server

Themis Server is an interactive debugging environment for Themis: an easy way to try what Themis can do, debug your working code, and get easy-to-test examples (specifically cooked to talk to Themis Server).

Themis products releases

Read more...


8 Mar 2016

Building and Using Themis in PNaCl

This post outlines our experience of porting a typical C/C++ library (which is obviously Themis, in our case) to a PNaCl module. A few challenges, a number of interesting riddles, and Themis suddenly has a new home!

Themis howto cryptography PNaCl Web

Read more...


3 Mar 2016

What's wrong with Web Cryptography

Threats you may face when implementing cryptography in your web application the JS way.

applied security Themis PNaCl cryptography Web

Read more...


1 Mar 2016

WebThemis: proper crypto for modern Web

Introducing WebThemis: a Google Chrome library to develop secure web applications.

Themis products cryptography releases Web

Read more...


11 Feb 2016

Fixing Secure Comparator

After publishing the Secure Comparator paper, we've received a number of concerns from the cryptographic community about a possible security breach in the case where one of the parties intentionally falsifies the protocol. We've addressed these concerns, and in this blog post and paper update we would like to elaborate on how and why.

Themis cryptography Secure Comparator zkp

Read more...

2015

9 Dec 2015

Introducing Secure Comparator

Secure Comparator is a novel authentication technique we're proposing for the cryptographic community to evaluate. It can be used as any id/secret pair authenticator in environments where no trust relationships exist between the two parties.

Themis cryptography Secure Comparator zkp

Read more...


26 Nov 2015

Why we need novel authentication schemes?

Current technological advancements in authenticating users seem to be sufficient for most cases. However, taking a more detailed look reveals weaknesses and tradeoffs in all existing authentication schemes. Before explaining the methodology and cryptography behind Secure Comparator, our authentication protocol, we wanted to outline the reasons for developing it in a brief review of existing authentication methods.

applied security cryptography Web Secure Comparator zkp

Read more...


20 Nov 2015

WeakDH/LogJam vs Secure Session

Having been asked several times "Is Secure Session prone to attacks similar to WeakDH/LogJam?", we've decided to outline some principal differences which render Secure Session secure against these attacks.

Themis cryptography Web

Read more...


18 Nov 2015

Armoring ed25519 to meet extended security challenges

When developing new, advanced features of the Themis library, we had to extend some of the ECC cryptography available in open source with our own implementation to provide simple point multiplication by a random (unknown in advance) point. To achieve that, we've extended Daniel J. Bernstein's implementation of ed25519 with our own math and code. This blog post outlines our direction of thinking.

Themis cryptography Secure Comparator zkp

Read more...


4 Nov 2015

Introducing Themis 0.9.2

Introducing updated and polished Themis, release 0.9.2.

Themis products Python iOS Ruby Android releases PHP Go

Read more...


28 Oct 2015

Why you should avoid SSL for your next application

TL;DR: SSL is huge, inefficient, complex and may present plenty of security threats. For most platforms, it's the best we've got. For some, where it can be configured properly - it's lifesaver. For many - it's the illusion of security. Let's see what applies to your application.

applied security cryptography Web

Read more...


1 Oct 2015

Building encrypted chat service with Themis and mobile websocket example

This tutorial shows simple ways of integrating cryptographic services presented by Themis cryptographic library into your already existing multi-platform application.

Themis products iOS Ruby howto Android development Web

Read more...


22 Sep 2015

Notes on adding cutting edge features

Some important notes on introducing experimental, bleeding-edge features to Themis, changes in the Themis build system related to these features, and a tease of new things to come.

Themis cryptography Secure Comparator zkp

Read more...


3 Jun 2015

Releasing Themis into public: usability testing

How we did usability testing for Themis when releasing the open source library into public.

Being ready to release Themis, we gathered a few colleagues and decided to make a test run on unsuspecting developers: how would the library blend into their workflows?

Themis products Python iOS

Read more...


18 May 2015

Introducing Themis

We are proud to present Themis, a novel cryptographic services library.

Every good work of software starts by scratching a developer's personal itch. (The Cathedral and the Bazaar)

Themis products cryptography releases

Read more...

Copyright © 2014-2018 Cossack Labs Limited
Cossack Labs is a privately-held British company with a team of data security experts based in Kyiv, Ukraine.