Plugging leaks in Go memory management
Intro: As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, and we continue to use it to build other products. Without being extremely fancy, Go is practical and efficient, and it is a way to get things done in a reasonable timeframe. Sometimes, even in the age of modern, garbage-collected languages with their own great profiling tools and well-thought-out memory management style, you'll still have to dust off good old valgrind to understand what's going on.
2016 at Cossack Labs
Bright and full of novelty, 2016 has imperceptibly come to an end. Writing good software is hard: absorbed in developing our main products and closing a testing round of Acra (all hail the brave ones who dedicated an immense amount of time to giving us feedback), we’ve spent most of the year undercover. Now that we’ve shown the first cues to the open public, revelatory moments are closer than ever. This year we’ve put a lot of effort into helping Themis users understand how to better use Themis and how to build stronger apps:
Themis database modules
Intro: Themis provides several methods for encrypting data at rest: Secure Cell and Secure Message. Where do people store data? In files and in databases. Sometimes you want to manipulate cryptographic data on the database side, and this is where Themis plugins come in handy. Even though it's generally a questionable practice, sometimes you need to encrypt/decrypt data on the database side. Moreover, there are some security designs where you have to:
13 tips to enhance database and infrastructure security
Article updated in 2019. Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques. It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones. In classic designs, there are two important drawbacks: Trust tokens: they rely on storing trust tokens somewhere inside the infrastructure;
Themis 0.9.4 release
Why feel cold when the happiness and laughter of your colleagues might make any evening warm and happy? Yesterday our team gathered to release Themis 0.9.4, and so did we. Take a look at the updates: BoringSSL support on Android and Linux; fixed some leaks and code styling problems (thanks to @bryongloden); memory management updates for stability in languages which rely on GC; fix for Themis build errors under certain conditions; Swift3 support + numerous enhancements from @valeriyvan
Why making Internet safe is everyone’s responsibility
Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is an insane rise in awareness of cyber security, dictated by security threats suddenly turning from looming on the horizon to dangerously close to anybody on the Internet. It is not your typical buzzword market fad, where everyone suddenly gets interested in the next exciting topic in the development of modern tech, looking for ‘wild opportunities’.
Key management in data security: fundamentals
Key management in security system: Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system. Secret keys, public-private key pairs, passwords and other factors of authentication are the control vessels within a security system. In this article, we will go through basic key management concepts, explain some important ideas for the next articles and provide some practical advice you can start implementing within your application tomorrow.
Backend security: design patterns best practices
This article was revisited and updated in August 2018. In modern client-server applications, most of the sensitive data is stored (and consequently leaked) on the backend. At Cossack Labs, we’re working on novel techniques to protect the data within modern infrastructures. We talk to engineers across industries about these techniques quite a lot too. However, it is still not uncommon to see infrastructures without even the basic classic database defence patterns.
Zero Knowledge Protocols without magic
When we first released Secure Comparator for use in our Themis crypto library and started talking about novel authentication concepts, we encountered a few common misconceptions and plenty of magical thinking about Zero-Knowledge Proofs as a phenomenon. In this post, we’ll talk about some of them, tie ZKP authentication to traditional security models, and help you gain a better understanding of how authentication, in general, should work. Understanding authentication and Zero-Knowledge Proof Protocols. What is authentication, anyway?
Perimeter security: avoiding disappointment, shame and despair
Perimeter security: looking back. Over the years, the Internet has evolved, and complex systems facing the Internet have evolved too. The traditional security methodology to defend these systems was to build strong walls around your most valuable assets: build a castle and hope it stands against the external adversary. We’ve invested in firewalls, data leakage prevention systems, intrusion detection of all sorts. And what’s behind these walls? Whatever it is, it’s protected, we thought for a long time.