Security Leftovers
-
Security
-
Reproducible Builds: Reproducible Builds in October 2024
Welcome to the October 2024 report from the Reproducible Builds project.
Jens Dietrich and Tim White of Victoria University of Wellington, New Zealand, along with Behnaz Hassanshahi and Paddy Krishnan of Oracle Labs Australia, published a paper entitled “Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds”:
The availability of multiple binaries built from the same sources creates new challenges and opportunities, and raises questions such as: “Does build A confirm the integrity of build B?” or “Can build A reveal a compromised build B?”. To answer such questions requires a notion of equivalence between binaries. We demonstrate that the obvious approach based on bitwise equality has significant shortcomings in practice, and that there is value in opting for alternative notions. We conceptualise this by introducing levels of equivalence, inspired by clone detection types.
-
Integrity/Availability/Authenticity
-
Nigerian national gets 10-year sentence for stealing $20 million through business email compromise scams
Through the phishing emails, the hackers gained access to employee login information, which they used to monitor email accounts for messages indicating a buyer was preparing to make a payment. Ayeni and his co-conspirators would then contact the buyer from the compromised email address and provide wire information linking to their financial accounts.
-
If you want to ask me security questions, I might want to ask you security questions
What annoys me, more and more often when these calls crop up, is that the callers - or more accurately, their employers - haven’t stopped to think that maybe they should confirm their identity with me too.
The point of confirming my identity is that the calling company wants to be certain that it’s getting accurate information from the right person. It’s reasonable for that person to want to be certain that they are giving accurate information to the right company. Just because you call me, doesn’t make you legit from my perspective. After all, almost half the calls I get these days are spams, scams or timewasters of some sort.