Security Leftovers
-
OpenSSF (Linux Foundation) ☛ AI Cyber Challenge (AIxCC) and the Needle GNU/Linux Kernel Vulnerability – Part 1
Could artificial intelligence (AI) practically help find and fix vulnerabilities in a scalable way? We don’t know for certain, but there’s hope that it could. In this article, we’ll look at a competition to encourage the development of AI-enabled tools that will automatically find and fix vulnerabilities. By itself, this would be a little abstract. To make our discussion concrete, we’ll look at this competition through the lens of a specific vulnerability in the GNU/Linux kernel called “needle”.
-
SANS ☛ Finding Honeypot Data Clusters Using DBSCAN: Part 1, (Wed, Jul 10th)
Sometimes data needs to be transformed or different tools need to be used so that it can be compared with other data. Some honeypot data is easy to compare since there is no customized information such as randomly generated file names, IP addresses, etc.
-
APNIC ☛ [Podcast] Testing Post Quantum Cryptography DNSSEC
If quantum computing becomes viable, Post Quantum Cryptography (PQC) will be needed to replace RSA and ECC signatures in DNSSEC. How well can today's DNS system handle PQC methods?
-
Reproducible Builds: Reproducible Builds in June 2024
Welcome to the June 2024 report from the Reproducible Builds project!
In our reports, we outline what we’ve been up to over the past month and highlight news items in software supply-chain security more broadly.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by AlmaLinux (buildah, gvisor-tap-vsock, kernel-rt, libreswan, linux-firmware, pki-core, and podman), Fedora (firefox and jpegxl), Gentoo (Buildah, HarfBuzz, and LIVE555 Media Server), Oracle (buildah, gvisor-tap-vsock, kernel, libreswan, and podman), Red Hat (containernetworking-plugins, dotnet6.0, dotnet8.0, fence-agents, kernel, libreswan, libvirt, perl-HTTP-Tiny, python39:3.9, toolbox, and virt:rhel and virt-devel:rhel modules), SUSE (firefox, freeradius-server, haproxy, jbigkit, kernel, kernel-firmware, pam, ppp, python3-cryptography, skopeo, and tar), and Ubuntu (dotnet6, dotnet8, exim4, firefox, golang-1.21, golang-1.22, openssh, and python-django).
-
Silicon Angle ☛ Security vulnerability in NSA training tool allowed unauthorized content modifications
Founded by President Harry Truman in 1952, the U.S. National Security Agency is supposed to provide security through intelligence gathering, but what happens when it overlooks its own security? A new report from Contrast Security Inc. today details just that: a security vulnerability found in SkillTree, an open-source NSA training platform maintained on Microsoft's proprietary prison GitHub.