Security Leftovers
-
Matthew Palmer: Database Encryption: If It's So Good, Why Isn't Everyone Doing It?
Sometimes, people’s most intimate information gets dumped for the world to see. Other times it’s “just” used for identity theft, extortion, and other crimes. In the least worst case, the attacker gets cold feet, but people suffer stress and inconvenience from having to replace identity documents.
A great way to protect information from being leaked is to encrypt it. We encrypt data while it’s being sent over the Internet (with TLS), and we encrypt it when it’s “at rest” (with disk or volume encryption). Yet, everyone’s data seems to still get stolen on a regular basis. Why?
Because the data is kept online in an unencrypted form, sitting in the database while it’s being used. This means that attackers can just connect to the database, or trick the application into dumping the database, and all the data is just lying there, waiting to be misused.
-
Reproducible Builds: Reproducible Builds in March 2023
Welcome to the March 2023 report from the Reproducible Builds project.
In these reports we outline the most important things that we have been up to over the past month. As a quick recap, the motivation behind the reproducible builds effort is to ensure no malicious flaws have been introduced during compilation and distributing processes. It does this by ensuring identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
-
Ways to Protect Your Open-Source Software from Vulnerabilities During Development
Open-source software is gaining a lot of traction in the tech world. Developers, organizations, and even government entities are leveraging their collective power to innovate faster and to create better solutions at a lower cost. But while open source has its advantages, it also has its vulnerabilities.
-
Secret US Documents on Ukraine War Plan Spill Onto Internet: Report
Secret documents that reportedly provide details of US and NATO plans to help prepare Ukraine for a spring offensive against Russia have spilled onto social media platforms.
-
Technical, Legal Action Taken to Prevent Abuse of Cobalt Strike, Microsoft Software [Ed: They pretend to be the heroes rather than culprits]
Microsoft, Fortra and Health-ISAC have taken legal and technical action to prevent the abuse of the Cobalt Strike exploitation tool and Microsoft software.