Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms


via the inimitable Daniel Stori at Turnoff.US!

Daniel Stori's ‘Permission Issue’ →

April 16, 2024 by Marc Handelman in Daniel Stori, Turnoff.US, Security Flaws

via the exacting observational skills of Daniel Stori at Turnoff.us!

Daniel Stori's 'Meltdown and Spectre Impacts' →

January 23, 2018 by Marc Handelman in Security Humor, Security Flaws, Security Failure, Sarcasm, Satire

Securosis Firestarter: Mike Rothman and Rich Mogull's Breacheriffic EquiFail →

December 18, 2017 by Marc Handelman in Security Flaws, Security Failure, Security Operations

Certainly the most erudite discussion I've found in the secops space, in which Messrs. Rothman and Mogull discuss recent operational failures from a security operations perspective. Enjoy!


Node Package Manager, Tribulátio, In Paradiso

August 23, 2017 by Marc Handelman in Attacks, Attack Analysis, Security Development, Security Failure, Security Flaws, Information Security, Infosec Competence

Well, looks like there is a bit of bother at npm, what with the security failures of recent import. Read Adam Shostack's well-crafted piece detailing what's broken, and what to do about it (it being fairly obvious once you read his thoughtful post). Enjoy.

"In June, security researcher ChALkeR explained how he 'obtained direct publish access to 14% of npm packages (including popular ones). The estimated number of packages potentially reachable through dependency chains is 54%.' Then, there was a typo-squatting attack that went undetected for two weeks. And just a few days ago, Ivan Akulov reported on malicious packages in npm." - via Adam Shostack, writing at IANS


Found Wanting... →

October 09, 2016 by Marc Handelman in Kernel Cracks, Security Flaws, Operating System Security, Operating Systems, Unix-like OS, Linux, Android, Linux Security, Kernel Security

J.M. Porup - an Ars Technica UK writer - examines the security posture of the Linux kernel, and finds it somewhat wanting...


Feet of Clay, Bitlocker Backdoor →

November 24, 2015 by Marc Handelman in All is Information, Security Flaws, Security Development, Security Architecture, Information Security, Feet of Clay

Lucian Constantin, writing at ComputerWorld UK, tells the tale of Bitlocker, the Feet of Clay edition...


Ah... The Nineties! →

May 26, 2015 by Marc Handelman in All is Information, Security Flaws, Network Security, Networks

Gotta love the 90's... Regardless of that affection, avoid, if you will, blasts from the past such as this newly reported flaw via Peter Bright (writing at Ars Technica) with tinges of that bygone decade... Read it and Weep.
