Open Security News week 3-2022

Good cyber security solutions are open solutions. Transparency builds trust. Simple solutions that can easily be understood and studied are more transparent than complex proprietary cyber security solutions. Stop reinventing the wheel: use proven open solutions to fight your cyber security challenges.

1 What NPM Should Do Today To Stop A New Colors Attack Tomorrow

NPM is known for security misery. This blog addresses some needed improvements.


2 Should you use Let’s Encrypt for internal hostnames?

Every organisation hits the problem of enabling TLS on internal servers. Despite all the advantages that Let’s Encrypt gives for Internet-facing servers, you should solve this problem for your internal servers within your own context. This blog is a good reminder.


3 Open source isn’t the security problem – misusing it is

Security is a process, not a product. Repeat after me, “security is a process, not a product.” Linus’s law, as Eric S Raymond phrased it.


4 Attacks on Email Sender Authentication

Recently I noticed a great talk given at Black Hat 2020. This talk comes with a great paper, slides and a FOSS tool. Summarized: email is complex. Never trust an email by default. Trust requires more than technology.


5 The Rise of the Professional Security Hacker

The 1990s professionalization of the hacker has set the stage for the next period of struggle over the concept of security in the modern world. Great pdf report for download.


6 Measuring User Perceived Security of Mobile Banking Applications

Mobile banking applications have gained popularity and have significantly revolutionised the banking industry. Despite the convenience offered by M-Banking Apps, users are often distrustful of the security of the applications due to an increasing trend of cyber security compromises, cyber-attacks, and data breaches. Great report based on real research.
(arXiv Link)

7 AI for Beyond 5G Networks: A Cyber-Security Defense or Offense Enabler?

AI’s capabilities and vulnerabilities make it a double-edged sword that may jeopardize the security of future networks. T
(arXiv Link)

8 Software Freedom Doesn’t Kill People, Your Security Through Obscurity Kills People

At least one person has already been killed in a crash while using a proprietary software auto-control system. Most importantly, it ignores the fact that proprietary software in cars is at least equally, if not more, dangerous. Not a new story, but in the aftermath of Log4j it is good to realize this again!

The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.