Security

Making macOS safer

This is a guide about security, not privacy.

Audit of smart contract security in TON: key mistakes and tips

Hello everyone! Sergey Sobolev is here, a specialist in distributed systems security at Positive Technologies, our team is engaged in auditing smart contracts. Today…

Magic links now in Spring Security

The concept of magic links is not new, but for a long time developers did not have a reliable solution with a full-fledged community that would allow them to quickly…

Spring Cloud Gateway + Keycloak: a complete example

Hello everyone! Today we will look at how to make a full integration of the Spring Cloud Gateway API gateway and Keycloak, as it seemed to me that the topic was not sufficiently…

ONCE AGAIN ABOUT THE GREAT BORDER between matter and consciousness

According to an ancient tradition, the roots of which even old-timers with advanced amnesia do not remember, before the New Year, one wants to say something significant…

The complexity of biometric identification of monozygotic twins

Imagine a courtroom. The prosecutor proudly presents what he believes to be irrefutable evidence: a fingerprint, a surveillance camera recording, a DNA test. Everything…

Top cybersecurity news for December 2024

Hello everyone! We are closing the year with our traditional news digest. December was rich in spyware news: Pegasus was highlighted due to the won Whatsapp case, its…

Incident response XXII века: как PAM-система помогла выявить атаку в прямом эфире

• 17:35
• 18.11.5260

In the article "Reign of king: tactics and tools of the Obstinate Mogwai group" from the Solar 4Rays Cyber Threat Research Center, there is an interesting case of an…

Cryptography of the Middle Ages: from alchemical ciphers to magic squares

Among the bright symbols of the Middle Ages are sorcerers, witches, and alchemists who "enchant and turn mercury into gold." Cryptography at this time also went hand…

Safe Digest New Year Edition: "bot" among "friends", bushido against fraud, TB of leaked "snowflakes"

Throughout 2024, we have witnessed a lot of high-profile hacks, leaks, failures, and just funny news from the world of information security. For the New Year, we traditionally…

Secrets in Java services on Spring: where to get and how to update

Hello, tekkix! My name is Andrey Chernov, I am a Java architect at SberTech, where I develop the architecture of microservices. Now I will talk about the nuances of working…

Mix, but do not shake. How we added Sec between Dev and Ops

Hello, tekkix! My name is Natali Dubotolkova, I am a senior secure software development engineer at Basis. I want to talk about how we thought about integrating the work…

How OSINT reunited two long-lost soldiers

Faces and names mentioned in this blog are real and used with their permission. Some details have been edited or hidden to protect the privacy of others.

Basic SAST and DAST setup for django in gitlab cicd: how to quickly implement security solutions

Hello, my name is Egor and I am a Tech Lead at IdaProject :) I am engaged in strategy, processes, and teams in the direction of backend development.

Development of Security Proxy. Dynamic Rights

Hello everyone! The classic approach to authorization is when its control is placed inside a specific service in the form of static rules. That is, the role and rights…

Worse than a flood, scarier than a fire: how to prepare your backups for a ransomware virus visit

For decades, backups have primarily protected us from physical equipment failure and accidental data corruption. A good backup system should survive a fire, a flood,…

Evolution of NGFW in Russia on the example of UserGate. Interview with UserGate NGFW Development Manager Kirill Pryamov

There was already an interview on tekkix about Next Generation Firewall from Solar, which touched on the technical aspects of developing such solutions. There was also…

OSINT. Now what is the buzz about?

We at IDX, a company engaged in legal personal data verification, are naturally interested in everything related to PD, even if it goes beyond our operational activities.…