A mathematical way to disclose the vulnerabilities


Few relationships in cybersecurity are more delicate than the one between a security researcher who discovers a vulnerability in commercial software or hardware and the company they notify.

The company may not care about the flaw or its impact on customers, or may downplay the severity to avoid media attention. The researcher on its potential for harm or believe that a timelier public disclosure will incentivise the business to develop a quick patch to protect end-users.

While the industry has addressed some of these problems through coordinated vulnerability disclosure policies, there’s still a fair amount of disagreement and mismatched incentives that can…

Google Chrome FLoC Trial: How to Identify You’re Being Tracked and Opt-Out of it

Cookies are out, and Google FLoC is in


Google Chrome has a new way to track you, a method that the company calls Federated Learning of Cohorts, or FLoC. The company has claimed that it is a better way to give advertisers what they want while leaving some semblance of privacy to users. However, privacy advocates have since spoken out against it, and especially against its automated imposition of FLoC trials upon a randomised selection of users. What’s particularly surprising is that Google has begun its preparations without any clear disclosure of the same, and FLoC trials for 0.5% …

Stop using SMS (Short Messaging Service) for time-based one-time password (TOTP)


Text messaging (SMS) based authentication is the weakest link in securing anything online, and using SMS for two-factor authentication is no longer considered safe. The National Institute of Standards and Technology (NIST) published a guideline warning against treating SMS authentication as a strong authentication method. Also, Google and other leading online services have either moved or are in the process of moving to prompt-based authentication. So why is SMS not safe anymore? What should we use then?

Some Basics

Before we jump into why SMS authentication is not safe anymore, let’s go over what two-factor authentication is and why everyone should use it if…

Safeguard yourself from data breaches.


The recent Facebook data breach is all over the news: 533 million users across 106 countries had personal data leaked online, including email accounts, phone numbers, birthdates, and the list goes on.

Everyone’s first question will be how to check whether they are part of that breach. There are a couple of ways to find out, but I would recommend the two best resources.

  1. One well-known online resource is Have I Been Pwned. Just follow the link to the site and input your email address or phone number to identify whether your data is part of…

Vinoth Venkatesan

Cyber Security Professional by heart. Enabling enterprises to transform digitally with effective security practices in place.
