Open Security News week 23-2023

There are many myths about security, and how difficult it is. Cyber security is a complex domain. There is no perfect solution. Never. However there are simple solutions that do work. Often the best cyber security solutions are open well known solutions which everyone can use. Good solutions are not subject to a hype. Open solutions are transparent, so everyone can use and improve these solutions. 

1 Wireshark Labs

“Tell me and I forget. Show me and I remember. Involve me and I understand.” One’s understanding of network protocols can often be greatly deepened by “seeing protocols in action”. Recently I was at a great WireShark meetup in the Netherlands hosted by Rabobank. I was thrilled to hear the enthusiasm of one of the core developers on the next improvements. Imho every serious security consultant should once in a while make her/his hands dirty by playing around with Wireshark.


2 The Shadowserver Foundation

The Shadowserver Foundation has become one of the world’s leading resources for Internet security reporting and malicious activity investigation. The daily reports of scan provided are truly valuable. For researchers and to keep aware.

(Open Security Foundations or direct link )

3 Fun with learning TLS

Completely understanding TLS is not simple. This page helps! See how this page fetch itself, byte by byte, over TLS.


4 Turning Public Opinion Against Encryption

Recent media reports state that senior government officials in the US and EU agreed to cooperate on measures to shape public opinion with the goal of legitimising the demands of law enforcement agencies to access encrypted communications. Again an attack on security and privacy. There is no effective way to weaken encryption for some use cases such as law enforcement while keeping it strong for others.


5 Hardening Drupal with WebAssembly

Drupal is of course not the popular FOSS CMS. That is still WordPress which results in an endless continuous attack on all possible vulnerabilities. WebAssembly can be a very lightweight way to play with new software without introducing security vulnerabilities into your development environment. Using a WebAssembly created software container opens ways for testing complex system software using only your browser.


6 I Know What You Trained Last Summer: A Survey on Stealing Machine Learning Models and Defences

Machine Learning-as-a-Service (MLaaS) has become a widespread paradigm. This paper is a great read to learn more on cyber security and protecting trained Machine Learning models.

(arXiv Link)

7 The Strange Story of the Teens Behind the Mirai Botnet

Their DDoS malware threatened the entire Internet. A great read that gives you a deeper understanding on how this DDoS malware started and how it worked.


Our partners:


The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.