Weekend Reads 042922

Our current encryption standards protect our bank accounts, financial markets, and most of our infrastructure, not to mention the logistics/supply-chain management system in the US Defense Department. But what happens when quantum computers can decipher the current asymmetric encryption that protects our vital systems?

Local governments all over the country are choosing ISP partners and making grants from ARPA funds to help bring better broadband. Today’s blog is a warning to handle the awards of such monies in a way that is safe from challenges from ISPs you don’t choose to fund.

In a resounding victory for companies whose business model depends on web scraping, the U.S. Ninth Circuit Court of Appeals held this week that such activity does not violate the U.S. Computer Fraud and Abuse Act.

OpenTelemetry is considered by many the future of instrumentation, and it’s not hard to understand why. In a world where successful companies are software companies, the need to collect observations from running code is almost universal. Through metrics, logs, and traces, observability data gives us the information we need to inspect how our applications run—and thanks to projects like OpenTelemetry, observability is becoming accessible to everyone.

Organizations using newer versions of Oracle’s Java framework woke up on Wednesday to a disquieting advisory: A critical vulnerability can make it easy for adversaries to forge TLS certificates and signatures, two-factor authentication messages, and authorization credentials generated by a range of widely used open standards.

Recent ransomware attacks against internet-facing systems have served as a wake-up call. Now that Zero Trust has become the gold standard for enterprise security, it’s critical that organizations gain a complete picture of their attack surface—both external and internal.

The reason I put it this way is that DevOps has infamously become a sinkhole for all the efforts of COTS (Commercial Off the Shelf) applications. These apps may come in a few different forms, from full VM workloads to containerized applications.

APT36 or Earth Karkaddan is an advanced persistent threat (APT) actor group targeting various government entities, most especially those based in India.

Attackers who want to exploit the critical remote code execution vulnerability disclosed in the Apache Log4j logging tool over four months ago still have a vast array of targets to go after.

On the web, network communications are almost exclusively protected via HTTPS/TLS. The protocol is designed to provide guarantees of data confidentiality, authenticity, and integrity, and its use is typically indicated through a lock icon in the browser.

Driven by the popularity of agile development, the usage of Web application programming interfaces (APIs) has increased dramatically, leaving software-focused companies with larger, and more vulnerable, attack surfaces that can be exploited by threat actors.

To be clear, most employees weren’t choosing to quit working. Rather, they were taking steps to secure better, more meaningful employment. How does one ensure that a job or career change isn’t just a reshuffle with the end result being more of the same?

As always, Linux comes with a great set of tools to work with certificates in the form of OpenSSL. In this post, I will show how to download a certificate and discuss some of the fields that are present in the certificate.

As a result, the need to fight cyber-crime has become even more important in an increasingly digital and interconnected world. This is resulting in record levels of investment in cybersecurity as it becomes a top priority for company leaders, boards, and investors, particularly as governments warn of an increased threat of cyber intrusions following Russia’s invasion of Ukraine.

However, the sophistication and rapid development of modern cyber threats have SOCs struggling. The hybrid working model and the lack of adequate endpoint security have weakened most organizations’ cybersecurity posture.

If you were triggered over word that Dell is pushing a proprietary memory standard, take a chill pill. Dell’s new memory design isn’t really proprietary and may actually lead to benefits for performance laptops.

Starting today, you’ll start seeing a new section within Play Store listings that shows information on how apps collect, store and share data.

Facebook is reportedly unable to account for much of the personal user data under its ownership, including what it is being used for and where it’s located, according to an internal report leaked to Motherboard.