Security Boulevard

Carelessness versus craftsmanship in cryptography

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of ...
GitHub

Mock OpenID Connect provider

A mock OpenID Connect provider which can be used for testing. This provider is based on the OpenID Connect Core 1.0 specification, and inspired by OpenID Provider Mock and oauth2-mock-server. JWT and ...
Sky

Epstein files: The key findings so far

More than three million pages related to Jeffrey Epstein have been made public in the latest release by the US Department of Justice. Email exchanges, as well as more than 2,000 videos and 180,000 ...