Security Leftovers
-
LWN ☛ About KeePassXC's code quality control (KeePassXC blog)
The KeePassXC project has recently updated its contribution policy and README to note its policy around contributions created with generative AI tools. The project's use of those tools, such as Microsoft's proprietary prison GitHub Copilot, has raised a number of questions and concerns, which the project has responded to: [...]
-
Futurism ☛ Malware Is Now Using Hey Hi (AI) to Rewrite Its Own Code to Avoid Detection
Oh, good.
-
Krebs On Security ☛ Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.
-
OpenSSF (Linux Foundation) ☛ Building Security in Open Source for Financial Services: OpenSSF at Open Source Finance Forum (OSFF) NYC
OpenSSF sponsored the Open Source Finance Forum in New York, highlighting how collaboration between open source maintainers and the financial sector drives stronger cybersecurity. Talks covered Hey Hi (AI) security, the OSPS Baseline, and stabilizing vulnerability data, helping financial institutions build trust and resilience through open source.
-
Windows TCO / Windows Bot Nets
-
Jesse Sandberg ☛ Powershelling to renew certificates on backdoored Windows servers
-