Security Leftovers
-
2023-04-27 [Older] Enterprise Linux Security Episode 64 - FIPS
-
2023-04-21 [Older] Cisco Releases Security Advisories for Multiple Products
-
2023-04-21 [Older] Drupal Releases Security Advisory to Address Vulnerability in Drupal Core
-
2023-04-21 [Older] Oracle Releases Security Updates
-
2023-04-21 [Older] VMware Releases Security Update for Aria Operations for Logs
-
84% of Australian organisations predict successful cyber attacks in the coming year [iophk: Windows TCO]
According to Mick McCluney, Trend Micro’s technical director for the region, “We saw the Australian cyber-risk index (CRI) improve from -0.54 in 1H 2022 to -0.12 in 2H 2022. It means that organisations may be taking steps to improve their cyber-preparedness. There is still much to be done, as employees remain a source of risk. The first step to managing this is to gain complete and continuous attack surface visibility and control.”
-
Confidential computing primer [Ed: Outsourcing falsely advertised as privacy (it's not)]
This article is the first in a six-part series in which we present various usage models for confidential computing, a set of technologies designed to protect data in use—for example by using memory encryption—and the requirements to get the expected security and trust benefits from the technology.
In the series, we will focus on four primary use cases: confidential virtual machines, confidential workloads, confidential containers and finally confidential clusters. In all use cases, we will see that establishing a solid chain of trust uses similar, if subtly different, attestation methods, which make it possible for a confidential platform to attest to some of its properties. We will discuss various implementations of this idea, as well as alternatives that were considered.
-
A way forward for PfP: Pain-free Passwords
A month ago I announced the end of PfP: Pain-free Passwords. But I’m allowed to change my mind, right? Yes, PfP will be developed further after all. However, it’s so different that I’m publishing it as a new browser extension, not an update to the existing extension.
Rather than using its own data format, PfP 3.x reads and writes KeePass database files. In order for the extension to access these files, users have to install a PfP Native Host application. This application provides access to the configured database files only.
Also, PfP 3.x no longer generates passwords on the fly. All passwords are stored inside the database, and generating passwords randomly happens when passwords are added. While this makes recovery more complicated, elsewhere it simplifies things a lot.
-
Update: The Swedish authorities answered our protocol request
We have now received a response from the Swedish Prosecution Authority and the prosecutor in charge of the operation, who told us that the search warrant was a decision made in international legal cooperation with Germany. However, the Swedish Prosecution Authority does not want to give any more details and we were not given any protocols with reference to confidentiality.
See the letter from the prosecution office in its entirety below: [...]
-
Samsung bans employee use of ChatGPT after reported data leak: report
Bloomberg reported Tuesday that some Samsung staff members uploaded sensitive code information to ChatGPT, raising concerns that information uploaded to the AI software could be exposed to other users. A memo obtained by Bloomberg News informed employees that they were prohibited from using AI programs like ChatGPT due to cyber security, noting that the data uploaded could also be difficult to retrieve and delete.
-
An Update on the Lock Icon [Ed: Fake security from NSA collaborator, imposing centralisation on the Web]
Editor’s note: based on industry research (from Chrome and others), and the ubiquity of HTTPS, we will be replacing the lock icon in Chrome’s address bar with a new “tune” icon – both to emphasize that security should be the default state, and to make site settings more accessible. Read on to learn about this multi-year journey.
-
Generative AI is about to destroy your company. Will you stop it?
If coders lied as often as ChatGPT, they would be fired immediately. Stunningly, some enterprise execs seem to be just fine with that — as long as AI continues to code quickly and for so little money.
-
Cloud exit pays off in performance too
Last week, we successfully pulled off our biggest cloud exit yet for Basecamp Classic. This is the original app that started it all for us from way back in 2004. And now, after a couple of years running on AWS, it's back on our own hardware, using MRSK, and holy smokes is it fast! Just look at these charts: [...]