Article: How Safe is ‘Smart’ Technology

Tozny CEO Isaac Potoczny-Jones was quoted today in an article by Wayne Havrelly at KGW about the Internet of Things. “Any system, as it gets more complex, the likelihood of a weak link in the chain grows,” said Isaac Potoczny-Jones, computer security expert with Galois. “So as cars get these integrated …

Talk: User Identity and Authentication in WordPress

The other day I gave a talk at the Portland WordPress Developers Meetup about authentication in enterprise and web environments and how WordPress fits into the Identity Management alphabet soup. At the end, I showed off our WordPress Plugin, which can be used for easy and secure login to WordPress …

Video: Common Crypto Mistakes in Android

Watch Isaac’s talk about common mistakes that developers make in Android cryptography based on our article about the same topic. About: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String …

Encrypting strings in Android: Let’s make better mistakes

Update: Here’s the video of Isaac’s talk on this topic and the GitHub repo for the AES library. You can also check out TozStore, Tozny’s multi-language end-to-end encryption platform. Our technology is designed to make integration of encryption quick and easy. You can sign up for free and try it out! …

Blaming users for security incidents is counterproductive

The Associated Press has done some important research into the cause of cybersecurity incidents in the federal government. Unfortunately, they come to the wrong conclusion. They document the huge rise in security incidents, and then add: And [federal] employees are to blame for at least half of the problems. Specifically, not …

Tozny demo video: Login and out of band transaction verification

Take a look at the primary features of the Tozny login and out of band transaction verification system. Key points: Tozny is both easier to use and more secure than passwords. Tozny defeats advanced malware like man in the browser attacks. Tozny adds an extra layer of defense against CSRF.

Shellshock: Making sense of the question, “Am I vulnerable?”

It seems like such a simple question, “Am I vulnerable to Shellshock,” but it’s surprisingly complicated. Lots of Internet forums suggest pasting some magic code into your command line. If the code outputs “Vulnerable” then you need to upgrade. Unfortunately, it’s not that easy.

Man in the Browser: Attack and Defense

A successful man in the browser attack is devastating: The attacker gets full control over your account and you have no idea it is happening. In this post, we discuss the attack, its impact, and why typical mitigations fall short. Finally, we toot our own horn a bit and show …

A Guide To Insider Threats

Insider attacks are particularly difficult to defend against. Insiders have internal knowledge of the network, and often know a system’s vulnerabilities. Even if they don’t violate security policies, they can perform authorized actions in a malicious way. I like Common Sense Guide to Mitigating Insider Threats. It’s light reading, if …