ROI

Open Security News week 18-2023

There have been more than 900 publicly reported automotive security incidents since 2010. Security anchored in hardware needs the highest level of protection. Hardware security certifications are a minimum requirement but are never enough. Risks remain. Especially in human transportation systems like cars, trains, elevators and buses, safety needs better cybersecurity.

1 The beginning of the end of the password

Passwords. You should hate them. Too often insecure. But the pain is: they are simple and often good enough. When Google announces the end of passwords, you should pay attention. Google is now moving to passkeys, a more secure way to sign in to apps and websites. This could be the start of a passwordless future. But since the standard is created by large tech companies, without many open (FOSS) implementations that are simple to use and reuse, passwords will still be used at large. Background information on passkeys is available here and here. Also mind the use of biometric information and the risks involved.

(Link)

2 Why is OAuth still hard in 2023?

I like this summary: “We implemented OAuth for the 50 most popular APIs. TL;DR: It is still a mess.” Hands-on developers will recognize this. Using OAuth is still not simple! Personally, I doubt if their solution is simpler and qualifies as an open solution…

(Link)

3 The DOJ Detected the SolarWinds Hack 6 Months Earlier Than First Disclosed

The SolarWinds hack was a really nasty hack. But this story is rather shocking. It proves again that openness is really needed! This story underscores the importance of information-sharing among agencies and industry in the open.

(Link)

4 Security researchers uncover NSO Group iPhone attacks in Europe

The noxious NSO Group continues to spy on people’s iPhones. Security is a human right. When using an iPhone or any other commercial smartphone your privacy is not respected since security is often weakened on purpose.

(Link)

5 Cryptography Implementation using ChatGPT

ChatGPT is a gold mine for hackers. This paper demonstrated the feasibility of implementing encryption algorithms through ChatGPT, enabling individuals to develop encryption solely by conversing with ChatGPT without writing any source code themselves. Amazing experiment. My anxious feeling towards ChatGPT has not decreased, on the contrary!

(Link)

6 Hack In The Box Security Conference 2023 @ Amsterdam

It’s impossible to visit all interesting security conferences. So I always become very happy when someone writes a summary and publishes his/her impression. Full conference site with slides and more can be found here.

(Link)

7 Data security foundations in five steps

From LastPass to SolarWinds, “data security” seems to be the phrase on the lips of every CTO these days. This blog outlines some cyber jargon for non-tech people. It also presents some good, simple steps to raise cyber awareness.
(Link)

8 Automotive Security: Growing Challenges With Certified Hardware Security Module IP

There have been more than 900 publicly reported automotive security incidents since 2010, and this number is growing year over year. Safety improvement demands better security.
(Link)

9 Cybersecurity and Artificial Intelligence: Threats and Opportunities

Nice report on the rapidly changing AI-driven cybersecurity landscape. This report (56 pages) helps you understand the impact of AI on the security landscape, and of course the emerging threats posed by advanced AI-powered cyberattacks that are now possible.

(Link)

Our partners:

nocomplexity

The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.