HackerTrans
TopNewTrendsCommentsPastAskShowJobs

pwlb

no profile record

comments

pwlb
·hace 3 meses·discuss
Many neurodivergent people are simply overwhelmed by the sound on the streets
pwlb
·hace 3 meses·discuss
The documentation actually reveals why this will most likely not work, given you are on expert on mobile security
pwlb
·hace 3 meses·discuss
The documentation clearly outlines that there are multiple signals being analysed. Relying on play integrity alone is definitely not sufficient as you state.
pwlb
·hace 3 meses·discuss
EIDAS 2 motivation is implicitly that eID failed in eIDAS 1. It simply either didn't take off or didn't work at all
pwlb
·hace 3 meses·discuss
This is necessary because the wallets contain an identity proofing functionality called PID(Person Identification Data). Showing these credentials basically approves you are you. There are high requirements for identity proofing that even pre-date wallets and that makes sense, because the potentially blast radius of identity theft is huge. Historically, these have been secured in smartcards, like eID cards or passports and are not shifting to the smartphone. Verifying the security posture of your device and app is therefore crucial.
pwlb
·hace 3 meses·discuss
Banks actually have high fraud rates today because of weak security mechanisms. If attackers steal your money, the bank will reimburse you. If attackers steal your identity, you are really screwed. Security requirements for banking and identity are simply different.
pwlb
·hace 3 meses·discuss
Preventing credential duplication is a requirement to achieve high level of assurance. One of its purpose is to limit the potential damage that can be done by attacks. If credentials are bound to hardware-bound keys, attackers will always need access to this key store to make any miss-use. If you don't prevent duplication, attackers may extract credentials and miss-use them at a 1000 places simultaneously.
pwlb
·hace 11 meses·discuss
This is due to many parts of the system being spread across multiple IETF RFCs, which happens as OAuth was improved and made more secure over time. Efforts are underway by combining all important parts into OAuth 2.1, otherwise have a look at FAPI 2.0 security profile for high assuance use cases.
pwlb
·el año pasado·discuss
You may have a look at this (still a Draft): https://datatracker.ietf.org/doc/draft-ietf-oauth-status-lis...