Weekend Reads 112020

The Internet is the quintessential example of collaboration across stakeholders and geographic boundaries resulting in both economic gain and seismic innovations. Yet as the Internet evolves it is increasingly regulated by nation states as they claim sovereignty over one issue or another, and dominated by a few large players.

The pandemic ushered in a golden age of remote test proctoring – but students say the technology can be invasive and biased

For those that have been in the industry for more than a couple of years, you will remember when Microsoft retired the very powerful and well-documented security bulletins back in 2017. At the time, we felt that it was a severe reduction in the availability of information; Microsoft was suddenly communicating much less information.

If you’re an IT security professional, mastering mystifying terminology and arcane acronyms is a rite of passage — maybe even a badge of honor. But there’s one unusually blunt cybersecurity term anyone can understand — the “kill chain.” A successful attack (the “kill”) doesn’t just happen.

Upgrading a security protocol in an ecosystem as complex as the Internet is difficult. You need to update clients and servers and make sure everything in between continues to work correctly.

Apple on Thursday advised developers they need to clarify the privacy practices of apps distributed through its App Store, a requirement previewed earlier this year.

A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.

If you choose to manage your own email infrastructure, it’s vital to put email filtering in place. A considerable amount of unwanted email can be dealt with at the Simple Mail Transfer Protocol (SMTP) handshake, followed up with content filtering. At both of these points, you can use Domain Name System Blocklists (DNSBLs).

You’ve possibly just found out you’re in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn’t the whole point of encryption that it protects data when exposed to unintended parties?

As a bit of a thought experiment, I asked myself, “What if I had to develop an application security program with a budget of zero dollars? How would I do it?” People often talk about unlimited security budgets. Some of the largest companies in the world have gone on record to say that there is no limit to what they’ll spend on cybersecurity.

The latest exploit in the series of issues with cloud infrastructure software is called “ContainerDrip” (CVE-2020-15157) and in some cases it can cause you to leak your registry secrets to an attacker. The attack is actually a kind of secret or password leak using request forgery.

Ransomware victims that pay threat actors to keep them from releasing data that might have been stolen during an attack often end up getting doxxed and hit with additional demands for money for the same dataset anyway.

So how can outsourcing email be tailored to fit the exact needs of each organization? The answer is it can’t. Not entirely. Once you start to outsource email, you need to remember that you become one of many. For instance, in the case of Google Workspace, you become one of six million customers.

For those already familiar with Kubernetes and its components, the conversation is usually around maximizing Kubernetes’ power. But when you’re just learning Kubernetes, it’s wise to begin with some general knowledge about Kubernetes and its components (including the Kubernetes scheduler), as shown in this high-level view, before trying to use it in production.

If you think HPC architectures have changed rapidly in recent years, brace yourself for the future when things will be moving at light speed.