-
Signatures, Key Management, and Trust in Software Supply Chains – Part 2: Exploiting Signatures
In Part 1 of the series Signatures, Key Management, and Trust in Software Supply Chains, I wrote about the basic concepts of identities, signatures, and attestation. In this one, I will expand on the house-buying scenario that I hinted at in Part 1 and will describe a few ways to exploit it in the […]
-
Signatures, Key Management, and Trust in Software Supply Chains – Part 1: Identities, Signatures and Attestation
For the past few months, I’ve been working on a project for a secure software supply chain, and one topic that always seems to start passionate discussions is software signatures. The President’s Executive Order on Improving the Nation’s Cybersecurity (EO) is a pivotal point for the industry. One of the requirements is for vendors […]
-
Why Multi-Factor Authentication (2FA/MFA) Usage Numbers Will Not Improve Any Time Soon?
If you have missed the news lately, cybersecurity is one of the most discussed topics nowadays. From supply chain exploits to data leaks to business email compromise (BEC) there is no break – especially during the pandemic. Many (if not all) start with an account compromise. And if you ask any cybersecurity expert, they will […]
-
To 404 or Not to 404 – Using HTTP Response Codes to Provide User-Friendly Error Messages in Microservices Implementation
How often does the following happen to you? You write your client code, you call an API, and receive a 404 Not Found response. You start investigating the issue in your code; change a line here or there; spend hours troubleshooting just to find out that the issue is on the server-side, and you can’t do […]
-
What do you need to know about Helm 2, Helm 3, and ACR?
In the last few months, I started seeing more and more customers using Azure Container Registry (or ACR) for storing their Helm charts. However, many of them are confused about how to properly push and use the charts stored in ACR. So, in this post, I will document a few things that need the most […]