Open Security News week 10-2025

When using FOSS software you have the advantage of being able to inspect the source code for malicious flaws. However, almost all software is distributed to end users as pre-compiled binaries. This creates a problem: how do you know that the binary you run has not been injected with malicious code?

Compiling the software yourself is not enough to be sure that no flaws have been introduced during the build. So check whether your software has a reproducible build. A reproducible build is an approach to determine whether generated binaries correspond with their original source code: independent builds of the same source, with the same toolchain and environment, must produce identical binaries.
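As an added example (not from the newsletter or from any project it links to), the shell script below shows what the check behind a reproducible build looks like in practice: build the same source twice, compare the SHA-256 digests, and observe how an embedded wall-clock timestamp or random build ID makes the two outputs differ, while pinning the date through SOURCE_DATE_EPOCH and deriving the build ID from the source content makes them identical. The two build functions, the sample source and the file names are constructed for this example; SOURCE_DATE_EPOCH itself is the real convention that reproducible-builds.org defines for pinning embedded dates.

```shell
#!/bin/sh
# Added example, not from the newsletter or any project it links to.
# A minimal reproducible-build check: "compile" the same constructed source
# twice and compare SHA-256 digests. The compilers below are stand-ins written
# for this example; real toolchains embed timestamps, paths and random build
# IDs in exactly the same way, and SOURCE_DATE_EPOCH is the real convention
# build tools honour for pinning the embedded date.
set -eu

# SHA-256 of a file; portable between GNU coreutils and macOS/BSD.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Stand-in compiler that is NOT reproducible: the output carries the current
# time and a random build ID, so two builds of identical source differ.
build_nondeterministic() {   # $1 = source file, $2 = output file
    {
        printf 'built-at: %s\n' "$(date +%s)"
        printf 'build-id: %s\n' "$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"
        cat "$1"
    } > "$2"
}

# Stand-in compiler that IS reproducible: the date comes from SOURCE_DATE_EPOCH
# and the build ID is derived from the source content instead of randomness.
build_deterministic() {      # $1 = source file, $2 = output file
    {
        printf 'built-at: %s\n' "${SOURCE_DATE_EPOCH:-0}"
        printf 'build-id: %s\n' "$(digest "$1")"
        cat "$1"
    } > "$2"
}

# Build twice with the named build function; succeed (exit 0) only when both
# outputs have the same digest, i.e. the build is reproducible.
check_reproducible() {       # $1 = build function name, $2 = source file
    work=$(mktemp -d)
    "$1" "$2" "$work/build1"
    "$1" "$2" "$work/build2"
    d1=$(digest "$work/build1")
    d2=$(digest "$work/build2")
    rm -rf "$work"
    [ "$d1" = "$d2" ]
}

# Constructed sample source, standing in for a real project tree.
make_sample_source() {
    src=$(mktemp)
    printf 'int main(void) { return 0; }\n' > "$src"
    echo "$src"
}

SRC=$(make_sample_source)
if check_reproducible build_nondeterministic "$SRC"; then
    echo "timestamped build: reproducible (unexpected)"
else
    echo "timestamped build: NOT reproducible, the two builds differ"
fi
export SOURCE_DATE_EPOCH=1700000000
if check_reproducible build_deterministic "$SRC"; then
    echo "pinned-epoch build: reproducible, digests match"
fi
rm -f "$SRC"
```

The same comparison is what a real verifier does against a vendor binary: rebuild from the published source in a pinned environment and compare digests; any difference points at either a non-deterministic build step or a binary that does not correspond to the source.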

1 New Zealand Company’s ‘Impossible-to-Hack’ Security Turns Out to Be No Security at All

Never ever claim that your system is 100% secure. This is impossible. So read this story and enjoy.

(Link)

2 Writing Secure Go Code

Keeping security in mind when writing Go code is, from a security-by-design perspective, a must! But covering this topic fully in a short article is impossible. Still, this is a nice try!

(Link)

3 Microsoft Chooses Profit Over Security

Unfortunately, this should be no surprise if you have been following Microsoft's business model over the last decades. But stories like this are still worth reading!

(Link)

4 EU Tries To Intercept Encrypted Web Traffic Without Anyone Noticing

Democracy within the EU lacks transparency. We like to point to other countries, but we don’t see our own mistakes. And we get angry when an American points this out to us. New and dangerous elements of the EU regulation eIDAS were added in closed-door meetings without any public consultation of experts. It’s a blatant power-grab by the EU. eIDAS is a huge technical failure and the millions spent are wasted money.

(Link)

5 It’s Like Flossing Your Teeth

We have advocated the use of reproducible builds for a long time. This research paper again proves we are not wrong. A nice read, with good arguments to end security discussions in your team.

(Link)

6 How Hype Will Turn Your Security Key Into Junk

I have posted news articles on passkeys before. Knowledge of the disadvantages should be posted regularly, until we all have a shared view on this technology. Spoiler: it is not a Holy Grail!

(Link)

7 The $1.5B Bybit Hack

Every security professional should read this story. It is a great story on how banks and crypto wallets are hacked. Never trust financial companies with your money that do not have a legal obligation to indemnify you in the event of a hack. And make sure you do not need special lawyers in a foreign country if you are not a billionaire. See also the story ‘$1.4 Billion in Crypto Stolen’, the most recent story in this area.

(Link)

8 LLMs are the reason that most AI security companies won’t last

Because LLMs are substantially easier to use, most companies and developers will use LLMs rather than build and train their own models. The question that remains is of course: what kind of expensive human expert knowledge is required in the coming years to avoid large security risks?

(Link)

9 The UK will neither confirm nor deny that it’s killing encryption

The UK may have set a precedent for other governments to follow when it reportedly ordered Apple to give it backdoor access to iCloud data. We already know that many so-called democratic countries in the EU would like to ban encryption. From a security and privacy perspective this is disastrous. It will end our democracies, which are already under heavy pressure. Full transparency and control over the digital agendas that our governments create behind closed doors is a minimum first step towards improvement.

(Link)

Our partners:

nocomplexity

The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.