ROI

Open Security News week 1-2022

Cyber attacks are likely to remain a significant risk. Using simple proven cyber security solutions to prevent and protect against cyber attacks should be your highest priority. Good simple solutions are open and transparent. Stop reinventing the wheel: Use existing solutions or build upon a solid foundation of open security  tools and knowledge.

1 The Google log4j vulnerability scanner

The end of 2021 reminded us of the simple rules to always check and verify FOSS software on vulnerabilities. Never forget: The simple security rules to prevent risks always apply. People at Google created this scan tool and everyone can benefit and make it better.

(Link)

2 Authentication and Authorization

This article describes the fundamentals of authentication and authorization. Great article with nice visuals. Created by two Microsoft employees.

(Link)

3 Open Source Security Process Wishlist

There are a few methods and practices that can help a software project better manage security incidents and vulnerabilities. This article is a short list of such processes.

(Link)

4 Firmware attack can drop persistent malware in hidden SSD area

Researchers developed a set of attacks against some solid-state drives (SSDs) that could allow planting malware in a location that’s beyond the reach of current security solutions.

(Link)

5 Fun browser extensions can have vulnerabilities too!

What’s the worst possible vulnerability a browser extension could possibly have? Remote extension configuration Meow is not primarily a browser extension. But if it’s only the sandboxed browser extension, then granting attackers access to each and every website is probably as bad as it goes.
(Link)

6 Electromagnetic Side-Channel Attack Resilience against present Lightweight Block Cipher

Lightweight cryptography is a novel diversion from conventional cryptography that targets internet-of-things (IoT) platforms.
(arXiv Link)

7 Improving the Quality of Publicly Trusted Intermediate CA Certificates

improvement in automation is important because intermediate certificates play a critical part in the web PKI (Public-Key Infrastructure). Since security is never finished: Read all about the new Mozilla improvements.

(link)

Our Partners:

nocomplexity

The Open Security newsletter is a bi-weekly overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project.