Security Leftovers
-
iTWire - Even Barnaby Joyce knows Optus attack was anything but sophisticated!
When even National Party MP Barnaby Joyce, not a politician known for his technological nous, seems to know the Optus attack was not in any way sophisticated, then the telco really does have a big problem.
Surprisingly, Optus chief executive Kelly Bayer Rosmarin does not seem to be aware of this basic fact and needs a so-called independent review to find out what world+dog now knows.
The Australian quoted Joyce as saying (when and where the man made this pronouncement wasn't specified, but then it rarely is): “It wasn’t a very sophisticated way to get into the Optus information and therefore, they have absolutely compromised their capacity to do their job, their duty of stewardship to their customers in protecting their privacy.
-
Software Supply Chain Attacks Are A Growing Threat [Ed: IBM-sponsored propaganda/marketing site propels the false narrative of "supply chain" to demonise stuff while totally overlooking CISA/NSA back doors -- the real issue along with outsourced manufacturing of hardware]
There’s a lot going on in the world right now, so you probably don’t need something more to worry about. But the cat-and-mouse world of cybersecurity never sleeps, and one of the threats keeping the good guys up at night right now is the growing risk of software supply chain attacks. Unfortunately, security through obscurity won’t provide as much protection for the IBM i server this time around.
-
Episode 343 - Stop trying to fix the open source software supply chain - Open Source Security
Josh and Kurt talk about a blog post that explains there isn’t really an open source software supply chain. The whole idea of open source being one thing is incorrect; open source is really a lot of little things put together. A lot of companies and organizations get this wrong.