Security Leftovers
-
Sigstore announces the first stable release of code and certificate signing tool for Python [Ed: Centralisation of "trust" (for software in this case) brings a whole host of new issues]
Sigstore community today announced the first stable release of sigstore-python, improving software supply chain security and paving the way for other client implementations of Sigstore that are in earlier stages.
Sigstore is an open source project launched by the Linux Foundation with the goal of providing free and stable services that let any developer easily sign, verify and protect their software projects. Code signing is a valuable tool for preventing attackers from co-opting update and patching systems to deliver malware, but it has been difficult to implement in open source projects because of the complexity of key management.
-
Security researchers report Linux malware with cryptocurrency miner payload [Ed: The problem here is weak passwords, not "Linux" or "SSH"]
"It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system. This bot supports not only DDoS attacks such as TCP flood, UDP flood, and HTTP flood, but various other features including command execution, reverse shell, port scanning, and log deletion," researchers said.
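The attack described in the quote above starts with a dictionary attack against SSH password authentication, and that phase is visible in the server's own auth log long before any payload lands. The following is an added example (not code from the report or from the researchers) that parses constructed Debian/Ubuntu-style `auth.log` lines, flags source addresses with a burst of failed logins inside a sliding window, and reports an "Accepted password" from such an address as a probable compromise. The log lines, host name and addresses (RFC 5737 documentation ranges) are constructed for the example; the threshold and window are assumed tuning values.

```python
"""Detecting an SSH dictionary attack in sshd auth logs (added example).

The sample log below is constructed to mimic Debian/Ubuntu /var/log/auth.log
entries; addresses come from the RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a password-guessing burst that ends in a successful
# login as root, followed by a legitimate key-based login from another host.
SAMPLE_AUTH_LOG = """\
Jan 10 03:14:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51001 ssh2
Jan 10 03:14:02 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jan 10 03:14:03 web1 sshd[2205]: Failed password for invalid user admin from 203.0.113.7 port 51003 ssh2
Jan 10 03:14:04 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jan 10 03:14:05 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51005 ssh2
Jan 10 03:14:06 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51006 ssh2
Jan 10 03:14:07 web1 sshd[2213]: Accepted password for root from 203.0.113.7 port 51007 ssh2
Jan 10 03:20:11 web1 sshd[2300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jan 10 03:20:20 web1 sshd[2302]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

# Matches the "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" events
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?'
    r'(?P<user>\S+) from (?P<ip>[\d.]+) port \d+'
)


def parse_auth_log(text):
    """Return a list of (timestamp, result, method, user, ip) tuples for sshd auth events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an sshd authentication event
        # syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine for ordering events within one log
        ts = datetime.strptime(m['ts'], '%b %d %H:%M:%S')
        events.append((ts, m['result'], m['method'], m['user'], m['ip']))
    return events


def find_dictionary_attacks(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {'failures': peak failures seen in one window,
                  'compromised_users': users whose password login from that IP
                                       succeeded after the burst}}.
    threshold and window are assumed tuning values, not taken from the report.
    """
    failures = defaultdict(list)
    findings = {}
    for ts, result, method, user, ip in sorted(events):
        if result == 'Failed':
            # keep only the failures from this IP that fall inside the window
            failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
            if len(failures[ip]) >= threshold:
                entry = findings.setdefault(ip, {'failures': 0, 'compromised_users': []})
                entry['failures'] = max(entry['failures'], len(failures[ip]))
        elif result == 'Accepted' and method == 'password' and ip in findings:
            # a password login succeeding right after a guessing burst is the
            # signature of a won dictionary attack, not a legitimate user
            findings[ip]['compromised_users'].append(user)
    return findings


if __name__ == '__main__':
    for ip, info in find_dictionary_attacks(parse_auth_log(SAMPLE_AUTH_LOG)).items():
        print(ip, info)
```

Key-based logins never enter the finding, so a legitimate user who fat-fingers a passphrase once is not reported; the real fix that the editor's note points at is disabling `PasswordAuthentication` in `sshd_config` so that the guessing phase cannot succeed at all.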
-
New Linux Malware Downloader for Compromised Servers Spotted in the Wild [Ed: Slashdot helps Microsoft sites stigmatise "Linux" as not secure; but the problem here is weak passwords, not Linux; this headline is intentionally misleading, just like the Microsofters']
-
A Brief History of Cryptography
Cryptology is a young science.
Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science (and perhaps an art) just started around one hundred years ago.
The first known evidence of the use of cryptography (in some form) was found in an inscription carved around 1900 BC, in the main chamber of the tomb of the nobleman Khnumhotep II, in Egypt. The scribe used some unusual hieroglyphic symbols here and there in place of more ordinary ones. The purpose was not to hide the message but perhaps to change its form in a way which would make it appear dignified. So although the inscription was not a form of secret writing, it did incorporate a transformation of the original text, and it is the oldest known text to do so. Evidence of some use of cryptography has been seen in most major early civilizations. The "Arthashastra", a classic work on statecraft written by Kautilya, describes the espionage service in India and mentions giving assignments to spies in "secret writing" - sounds like an ancient version of James Bond?
Fast forwarding to the first century BC, Julius Caesar was known to use a form of encryption to convey secret messages to his generals posted at the front. This substitution cipher, known as the Caesar cipher, is perhaps the most mentioned historic cipher in academic literature. (A cipher is an algorithm used for encryption or decryption.) In a substitution cipher, each character of the plain text (the message which has to be encrypted) is substituted by another character to form the cipher text (the encrypted message). The variant used by Caesar was a shift-by-3 cipher: each character was shifted 3 places along the alphabet, so 'A' was replaced by 'D', 'B' by 'E', and so on. The characters wrap around at the end of the alphabet, so 'X' is replaced by 'A'. Because there are only 25 possible non-trivial shifts, the cipher offers no real secrecy against anyone who knows the method: trying every shift and picking the one that reads as language takes moments.
Another older one:
-
This new Linux malware floods machines with cryptominers and DDoS bots [Ed: So weak passwords are the fault of Linux now?]