Cyber security is a key quality aspect that cannot be integrated later in a product. You cannot create a better security architecture when your product is finished. Security should be seen as a foundation quality aspect that is developed in parallel with your new product. You don’t have to be a genius to make cyber security simpler and better. Continuous learning is key!
1 Google’s policy change on fingerprinting
Google is not nice when it comes to privacy. The recent change in policy should be yet another reason to search harder for alternatives. The UK Information Commissioner’s Office (ICO) is rather clear. Check their statement!
(Link)
2 The SON OF ROW HAMMER
The words “row hammer” should make you scared. This new technique for flipping bits in DRAM is definitely worrying!
(Link)
3 PostgreSQL Encryption: The Available Options
By default, database encryption is still optional at installation. This is a choice. This short (old) blog again summarizes the trivial options. Encryption is a must. The ‘How’ is your choice!
(Link)
4 Security Analysis of WeChat’s MMTLS Encryption Protocol
For everyone who has an unhealthy interest in Cyber Security: This is a very good (technical) report to read. It has been discussed by many. So form your own opinion. Some conclusions come as no surprise: ‘apps in the Chinese ecosystem fail to adopt cryptographic best practices, opting instead to invent their own, often problematic systems’. My advice is: Avoid apps altogether if you can!
(Link)
5 CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable
There is a reason why I advocate using simple FOSS solutions. This is another example. So replace or update your firewall; the CVE is just 2 years old and new CVEs will come in the near future.
(Link)
6 Reviewing the Cryptography Used by Signal
Very nice blog aka audit report. The outcome: ‘no vulnerabilities were found’. But mind you, Signal is not perfect and risks are always present!
(Link)
7 US government struggles to rehire nuclear safety staff it laid off days ago
Good Cyber Security is crucial for safety. So when people with the right knowledge are gone, we all should be worried.
(Link)
8 Key trends in global cybersecurity research: growth, leaders, dark horses
Continuous research on Cyber is vital to prevent future risks. This article gives a nice overview of current research trends. It will come as no surprise that ML/AI Security is currently a very attractive field of research.
(Link)
9 Passkey technology is elegant, but it’s most definitely not usable security
Using the same password everywhere is easy, but in an age of mass data breaches and precision-orchestrated phishing attacks, it’s also a disaster in the making.
(Link)
The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.