Open Security News week 27-2023

Good cyber security is still a cost factor for companies. For too long we have refused to create simple systems for simple problems, systems that can be easily adjusted and are resilient against common cyber security threats. We, security experts, are trained and brainwashed by commercial vendors to advocate for complex, expensive cyber security solutions that are costly to implement and lack transparency. Most cyber security improvement programs end with more paperwork and more fancy new software tools, without increased security resilience. We need to break out of this cycle.

1 Simplify Cyber Security: A Practical Manifesto

Cyber security is a vital concern for individuals, organizations, and societies at large. Most cyber security improvement programs end with more paperwork and more fancy new software tools, without increased security resilience. We need to break out of this cycle.


2 The Avast case

Never fully trust antivirus software. The companies behind it do not act completely in your interest. Avast is known for its antivirus and security software and services. When checking for malware, Avast software collected all kinds of data. In the Netherlands, a lawsuit against Avast is starting. Valuable data has been commercially resold by Avast. So join the fight.


3 Barracuda Email Security Gateway Appliance (ESG) Vulnerability

Strong rumors suggest that the vulnerability CVE-2023-2868 has been known and used since October 2022. Unfortunately, examples of commercial security companies with debatable moral and ethical principles are not uncommon.


4 Cyber Threat Report: UK Legal Sector

A good example of a threat report that helps companies. Since legal companies in other countries face equal threats, just use and reuse this report! More awareness never hurts. This sector is known for dealing with really sensitive information that should be kept secure at all times.


5 The privacy loophole in your doorbell

Most non-tech people in my country do not see the danger of smart doorbells. More awareness is needed. Smart doorbells are insecure and most companies behind these devices sell your data. With advanced AI software for visual recognition becoming mainstream, a disaster is looming.


6 What is memory safety and why does it matter?

Memory safety is a property of some programming languages that prevents programmers from introducing certain types of bugs related to how memory is used. Memory safety bugs are often security issues, so memory-safe languages are more secure than languages that are not memory safe.


7 An Open-source LTE Downlink/Uplink Eavesdropper

LTE sniffers are important for security and performance analysis because they can passively capture the wireless traffic of users in an LTE network. Because LTE traffic is transferred over the air interface, anyone with the appropriate hardware can sniff LTE signals.


8 Microsoft denies data breach, theft of 30 million customer accounts

A disturbing read. Imho again a warning that ‘Cloud’ != ‘Secure by default’…


9 Gmail client-side encryption: A deep dive

Reading about client-side encryption in Gmail on Google's security blog is fun. Unfortunately, the real details are missing, but the concepts are nicely visualized.



The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.