Data Safety and Information Security

Data Safety and Information Security

745 bookmarks
Custom sorting
Keyoxide
Keyoxide
A modern, secure and privacy-friendly platform to establish your decentralized online identity
·codeberg.org·
Keyoxide
_FORTIFY_SOURCE
_FORTIFY_SOURCE
glibc 2.3.4 introduced _FORTIFY_SOURCE in 2004 to catch security errors due to misuse of some C library functions. The initially supported functions was fprintf, gets, memcpy, memmove, mempcpy, memset
·maskray.me·
_FORTIFY_SOURCE
MITRE D3FEND Knowledge Graph
MITRE D3FEND Knowledge Graph
D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.
·d3fend.mitre.org·
MITRE D3FEND Knowledge Graph
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired…
·krebsonsecurity.com·
Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers
Transacting in Person with Strangers from the Internet
Transacting in Person with Strangers from the Internet
Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don't deserve to end up in…
·krebsonsecurity.com·
Transacting in Person with Strangers from the Internet
Denial of Wallet Attacks: The new (D)DoS in a Serverless world
Denial of Wallet Attacks: The new (D)DoS in a Serverless world
Denial of Service (DoS) attacks always have been the easiest way to inflict maximum financial damages without requiring advanced skills or techniques. With the advent of cloud computing, website owners can now deploy more resources than the attackers and gracefully handle these primitive attacks. It led to the development of
·kerkour.com·
Denial of Wallet Attacks: The new (D)DoS in a Serverless world
SBOMs Are Great for Supply Chain Security but Buyers Beware
SBOMs Are Great for Supply Chain Security but Buyers Beware
While software bill of materials (SBOMs) have emerged as a potential way for organizations to begin to secure their supply chains, they are not a panacea. However, complementing SBOMs with Supply-Chain Levels for Software Artifacts (SLSA) shows great promise. SLSA provides a framework and roadmap so that the industry can start adhering to the implementation of SBOMs and other security good practices for securing the software supply chain.
·thenewstack.io·
SBOMs Are Great for Supply Chain Security but Buyers Beware
The Security Pros and Cons of Using Email Aliases
The Security Pros and Cons of Using Email Aliases
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by…
·krebsonsecurity.com·
The Security Pros and Cons of Using Email Aliases
What do we trust to keep our data private?
What do we trust to keep our data private?
We find it fascinating to contemplate the future of privacy and confidentiality in computation. Privacy-enhancing technologies (PETs), as a…
·medium.com·
What do we trust to keep our data private?
ORCID
ORCID
·orcid.org·
ORCID
Subversive Trilemma: Why Cyber Operations Fall Short of Expectations
Subversive Trilemma: Why Cyber Operations Fall Short of Expectations
Abstract. Although cyber conflict has existed for thirty years, the strategic utility of cyber operations remains unclear. Many expect cyber operations to provide independent utility in both warfare and low-intensity competition. Underlying these expectations are broadly shared assumptions that information technology increases operational effectiveness. But a growing body of research shows how cyber operations tend to fall short of their promise. The reason for this shortfall is their subversive mechanism of action. In theory, subversion provides a way to exert influence at lower risks than force because it is secret and indirect, exploiting systems to use them against adversaries. The mismatch between promise and practice is the consequence of the subversive trilemma of cyber operations, whereby speed, intensity, and control are negatively correlated. These constraints pose a trilemma for actors because a gain in one variable tends to produce losses across the other two variables. A case study of the Russo-Ukrainian conflict provides empirical support for the argument. Qualitative analysis leverages original data from field interviews, leaked documents, forensic evidence, and local media. Findings show that the subversive trilemma limited the strategic utility of all five major disruptive cyber operations in this conflict.
·direct.mit.edu·
Subversive Trilemma: Why Cyber Operations Fall Short of Expectations
How the Saitama backdoor uses DNS tunnelling
How the Saitama backdoor uses DNS tunnelling
A walkthrough of one of the stealthy communication techniques employed in a recent attack using APT34's Saitama backdoor.
·blog.malwarebytes.com·
How the Saitama backdoor uses DNS tunnelling
OAuth Security in a Cloud Native World
OAuth Security in a Cloud Native World
Outlining how my thinking has evolved after working with various cloud deployment types and integrating security into many kinds of apps.
·thenewstack.io·
OAuth Security in a Cloud Native World
Does GraphQL Introduce New Security Risks?
Does GraphQL Introduce New Security Risks?
GraphQL is a friendly alternative to REST APIs. But there are some security repercussions of adopting GraphQL developers need to know.
·devops.com·
Does GraphQL Introduce New Security Risks?