Cryptographic failures in RF encryption allow stealing robotic devices
Stunned by losing their robotic devices, [REDACTED] learnt that they were hijacked by attackers even with communication being encrypted. Having researched its firmware and found numerous cryptographic failures, we've crafted a few demos on how cryptography goes wrong in real life.
RepoMetaScore: evaluating supply chain risks of open-source repositories
Releasing RepoMetaScore (repository metadata scoring): a dependency checking tool that analyzes metadata of open-source project, including commit history and contributors’ background. RepoMetaScore calculates risk rating, makes supply chain risks visible and prevents weaponizing OSS.
Cossack Labs stands on guard for security of Ukrainian companies
Cossack Labs stands with Ukraine and offers free security assessment and engineering services for Ukrainian companies to improve country protection and resilience.
React Native libraries: Security considerations
How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries – check our research of the React Native ecosystem security.
TLS certificate validation in Golang: CRL & OCSP examples
All developers need to know about using OCSP and CRL for validating TLS certificates in Go apps. Things we’ve learnt while building our own OCSP/CRL validation tooling: design, implementation and security tips, example code and popular mistakes.
Crypto wallets security as seen by security engineers
Read about building secure crypto wallets and issues we found when doing crypto wallet security audits. Hot non-custodial wallets store private keys, sign crypto transactions, and claim to be secure. But are they?
Acra 0.90.0: application level encryption and searchable encryption for any SQL and NoSQL databases
We are pleased to announce the Acra Community Edition 0.90.0 release, which makes a broad set of security features, including database encryption, searchable encryption, and encryption-as-a-service API available for any developer.
React Native app security: Things to keep in mind
React Native security: What developers and team leads need to know. Handle risks and threats, prevent typical security mistakes, follow best engineering practices — learn from our experience.
Audit logs security: cryptographically signed tamper-proof logs
Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity. In this article, we cover cryptographically signed audit logging, aka “secure logging”, when logs are generated in a certain way which prevents tampering messages, removing, adding or changing the order of log entries. We explain why signed logs are essential for security software, how we’ve built-in secure audit logging in Acra, and how to use it together with other defense in-depth layers in your systems.