Category: Uncategorized

Auto Added by WPeMatico

Leaked GitHub Python Token

Posted on By infossl
leaks, security analysis, Security technology, supply chain, Uncategorized

Here’s a disaster that didn’t happen: Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF). JFrog discussed what could have happened: The … Read More “Leaked GitHub Python Token” »

Education in Secure Software Development

Posted on By infossl
security education, Security technology, software, Uncategorized

The Linux Foundation and OpenSSF released a report on the state of education in secure software development. …many developers lack the essential knowledge and skills to effectively implement secure software development. Survey findings outlined in the report show nearly one-third of all professionals directly involved in development and deployment ­ system operations, software developers, committers, … Read More “Education in Secure Software Development” »

Providing Security Updates to Automobile Software

Posted on By infossl
books, cars, cybersecurity, Security technology, software, Uncategorized

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. … Read More “Providing Security Updates to Automobile Software” »

New Research in Detecting AI-Generated Videos

Posted on By infossl
academic papers, artificial intelligence, deepfake, Security technology, Uncategorized, videos

The latest in what will be a continuing arms race between creating and detecting videos: The new tool the research project is unleashing on deepfakes, called “MISLnet”, evolved from years of data derived from detecting fake images and video with tools that spot changes made to digital video or images. These may include the addition … Read More “New Research in Detecting AI-Generated Videos” »

Compromising the Secure Boot Process

Posted on By infossl
cryptography, encryption, keys, passwords, Security technology, supply chain, Uncategorized, vulnerabilities

This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December … Read More “Compromising the Secure Boot Process” »

The CrowdStrike Outage and Market-Driven Brittleness

Posted on By infossl
Security technology, Uncategorized

Friday’s massive internet outage, caused by a mid-sized tech company called CrowdStrike, disrupted major airlines, hospitals, and banks. Nearly 7,000 flights were canceled. It took down 911 systems and factories, courthouses, and television stations. Tallying the total cost will take time. The outage affected more than 8.5 million Windows computers, and the cost will surely … Read More “The CrowdStrike Outage and Market-Driven Brittleness” »

Data Wallets Using the Solid Protocol

Posted on By infossl
data privacy, data protection, inrupt, security standards, Security technology, Uncategorized

I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee’s Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a repository for personal data and documents. Right now, … Read More “Data Wallets Using the Solid Protocol” »