ROI

Open Security News week 17-2022

Cyber offences, such as hacking, malware creation and distribution, and online fraud, present a substantial threat to organizations attempting to safeguard their data and information. Open and simple cyber security solutions always help.

1 The seL4 Microkernel

seL4’s formal verification sets it apart from any other operating system. It provides the highest assurance of isolation between applications running in the system, meaning that a compromise in one part of the system can be contained and prevented from harming other, potentially more critical parts of the system.

(Link)

2 Government workers say Microsoft tech makes them less secure

Great article, despite the source. It covers the problem with IT ‘monoculture’ and the shadow IT that is always present at every organization. And I do think Google Workspace for Government is not a smart solution for governments to use.

(Link)

3 How we secure Monzo’s banking platform

Articles on how security is managed should be shared (cc-by) so we can all constantly learn and find better and smarter ways to reduce cyber risks. Reading about banking and threat modeling is always educational.

(Link)

4 Seriously, stop using RSA

Strongly opinionated articles force you to think for yourself. This article presents RSA as an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. The article raises some good points to take into consideration when using RSA.

(Link)

5 Getting started with security keys

Nice read on how to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys.
(Link)

6 Security Analytics: Tracking Proxy Bypass

A simple question: “What might a security operations center (SOC) analyst want to know at the start of each shift regarding the network?” This post describes how to track the amount of network traffic that is evading security proxies for services that such proxies are expected to cover.
(Link)

7 Access Control Models for Conversational User Interfaces

Access control is a key element in managing security in any user interface. This is a great attempt to extend conversational user interfaces with access-control capabilities.
(Link)

8 Adobe Acrobat hollowing out same-origin policy

The same-origin policy is the most fundamental security concept of the web. It mandates that example.com cannot simply access your data on other websites like google.com or amazon.com, at least not without the other websites explicitly allowing it, for example by means of CORS. Companies don’t usually like security reports pointing out that something bad could happen. Read this article to find out more about the risk you take when installing an Adobe Acrobat browser extension.


(Link)

9 A Golden Age of Systems Security Research: NDSS Symposium 2022

Every year, the Internet Society hosts one of the top conferences for computer and network security research, the Network and Distributed Systems Security (NDSS) Symposium. All papers presented are Open Access and real top security research. My attention was grabbed by the paper on Automated Certificates for User Authentication.
(Link)


The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.