Security Leftovers
Why are Organizations Struggling to Implement Secure Software Development?
The Secure Software Development Education 2024 Survey, conducted through a partnership between the Open Source Security Foundation (OpenSSF) and 'Linux' Foundation (LF) Research, examines the secure software development education needs of professionals in this field. Our results indicate that the need for security awareness and training is one of the top challenges for organizations.
Hacker Stole Secrets From OpenAI
ChatGPT maker Proprietary Chaffbot Company was breached in 2023, but the company says source code and customer data were not accessed.
Some Data Is ‘Breached’ During a Hacking Attack on the Alabama Education Department
Alabama’s education superintendent said some data was breached during a hacking attempt at the State Department of Education.
Security updates for Friday
Security updates have been issued by Fedora (cockpit, python-astropy, python3-docs, and python3.12), Gentoo (BusyBox, GNU Coreutils, GraphicsMagick, podman, PuTTY, Sofia-SIP, TigerVNC, and WebKitGTK+), Mageia (chromium-browser-stable and openvpn), SUSE (cockpit, krb5, and netatalk), and Ubuntu (kopanocore, libreoffice, linux-aws, linux-oem-6.8, linux-aws-5.15, linux-azure, linux-azure-4.15, linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oracle, linux-starfive-6.5, and virtuoso-opensource).
In Other News: Abusive Monopolist Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity
Noteworthy stories that might have slipped under the radar: Abusive Monopolist Microsoft details Rockwell HMI vulnerabilities, smart grills hacked, Predator spyware activity drops.
Overlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
I often think the Internet would work better without DNS. People unable to remember an IP address would be unable to use it. But on the other hand, there is more to DNS than translating a human-readable hostname to a "machine-readable" IP address. DNS does allow us to use consistent labels even as the IP address changes.
Reproducible Builds (diffoscope): diffoscope 272 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 272. This version includes the following changes:
* Move away from using DSA OpenSSH keys in tests; support has been removed in OpenSSH 9.8p1. (Closes: reproducible-builds/diffoscope#382)
* Move to assert_diff helper in test_openssh_pub_key.py