Python is one of the most used programming languages to date. Especially in the AI/ML ecosystem, most tools are Python programs. Large and small businesses use and trust Python to run their business. From a security perspective Python is a safe choice. However, even when using Python the risk of security issues is never zero.
When creating solutions, practicing Security-By-Design to prevent security issues is still needed.
1 Rayhunter
Rayhunter is a project for detecting IMSI catchers, also known as cell-site simulators or stingrays. It is designed to run on a cheap mobile hotspot called the Orbic RC400L, but thanks to community efforts it can support some other devices as well. This is a FOSS tool from EFF to detect cellular spying, which is happening at large!
(Link)
2 Google suffers data breach in ongoing Salesforce data theft attacks
Even Google is not immune to cyber breaches. It is a story from voice phishing to data extortion. It can happen to anyone. I love the nice visual in this Google explanation.
(Link)
3 Introducing OSS Rebuild: Open Source, Rebuilt to Last
Great new promising project from Google. One difference from most projects that aim for bit-for-bit reproducibility: OSS Rebuild aims for a kind of “semantic” reproducibility:
(Link)
4 Fun with Gzip Bombs and Email Clients
Gzip/Zip bombs have been a security threat for decades, and most applications and code are still vulnerable to this simple attack pattern. So maybe not so fun at all. Glad to know that Python Code Audit checks for these code lines.
(Link)
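As an added example (not code from the newsletter, nor from the Python Code Audit project or the linked article), here is a bounded gzip decoder in Python. It reads decompressed output in chunks and aborts as soon as a caller-chosen limit is exceeded, so memory stays bounded regardless of the compression ratio. It also shows why the uncompressed size recorded in the gzip trailer (ISIZE) is advisory only: it is written by whoever produced the file and is truncated modulo 2^32. The sample inputs are constructed inline; the function names are this example's own.

```python
import gzip
import io
import struct


class DecompressionLimitExceeded(ValueError):
    """Raised when decompressed output would exceed the configured limit."""


def safe_gunzip(data: bytes, max_output: int = 1_000_000,
                chunk_size: int = 64 * 1024) -> bytes:
    """Decompress gzip bytes, refusing to produce more than max_output bytes.

    GzipFile.read(n) returns at most n decompressed bytes and only pulls in
    the compressed input needed for them, so the peak memory is roughly
    max_output plus one chunk, not the full expanded size of the payload.
    """
    out = bytearray()
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as stream:
        while True:
            # Never ask for more than we are still willing to accept (+1 so
            # that an over-limit payload is detected rather than silently cut).
            want = min(chunk_size, max_output - len(out) + 1)
            chunk = stream.read(want)
            if not chunk:
                break
            out += chunk
            if len(out) > max_output:
                raise DecompressionLimitExceeded(
                    f"decompressed size exceeds limit of {max_output} bytes")
    return bytes(out)


def is_within_limit(data: bytes, max_output: int) -> bool:
    """True if the payload decompresses within max_output bytes."""
    try:
        safe_gunzip(data, max_output)
    except DecompressionLimitExceeded:
        return False
    return True


def claimed_isize(data: bytes) -> int:
    """Uncompressed size claimed by the gzip trailer (last gzip member only).

    This value is attacker-controlled and stored modulo 2^32, so it must
    never replace an enforced output limit; at best it is a cheap hint.
    """
    if len(data) < 18:  # 10-byte header + 8-byte trailer is the minimum
        raise ValueError("too short to be a gzip member")
    return struct.unpack("<I", data[-4:])[0]


# Constructed sample inputs for the demonstration (not real-world files).
SAMPLE_SMALL = gzip.compress(b"hello world")
# 5 MB of zero bytes: highly redundant data, used here only to exercise
# the limit check; it compresses to a few kilobytes.
SAMPLE_BOMB = gzip.compress(bytes(5_000_000))


if __name__ == "__main__":
    print(safe_gunzip(SAMPLE_SMALL, max_output=100))
    print("bomb within 1 MB limit:", is_within_limit(SAMPLE_BOMB, 1_000_000))
    print("bomb claims ISIZE:", claimed_isize(SAMPLE_BOMB))
```

The limit is enforced on actual output, not on the trailer value or on the compressed size, which is the property a code audit should look for wherever `gzip`, `zlib` or `zipfile` data from untrusted sources is decoded.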
5 Cross-Site Request Forgery
Reading blogs is not without danger. Not all blogs provide good, trustworthy information (most do not!), but you can still learn something. Either way it takes energy, but continuous learning for cyber should be fun!
(Link)
6 Is Pydantic as safe as it Is popular?
A quick look through a security lens. Pydantic is a widely used data validation library in the Python ecosystem. But is it secure?
(Link)
7 Privacy preserving age verification is bullshit
Great piece of writing by the famous privacy fighter Cory Doctorow. Important to keep in mind when reading this: there are possibilities to have an age verification system for sites that preserves your privacy. A good read is the EU age-verification blueprint. Anonymous age verification mechanisms are a real thing. This discussion is currently poisoned by fake arguments, believers and non-believers. The paper referred to by Cory is a nice summary: there are limitations. Absolutely anonymous age verification is not possible.
(Link)
8 Avoid Python SAST scanners based on AI
Why should you not use AI-powered SAST scanners? Simple: most are just far from good enough. In the best-case scenario, you will only be disappointed. But the risk of a false sense of security is enormous.
(Link)
Our partners:
The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.