The Security Digest: Week 15
Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to another week of TSD, your regular email / blog post with top of mind security issues, a few security tips for both work and home and at least 1 fun thing related to owls.
- ZDNet just published a list of 7 things to do after you upgrade Windows 10. You did already update, right? June 2020 Patch Tuesday was 3 weeks ago now. If you’re running Exchange yourself, Microsoft is now pleading with anyone who hasn’t upgraded in the past 3 months to do so ASAP.
- We’ve been watching with dismay the bipartisan legislation known as EARN IT, which would subvert encryption across the Internet and more. It’s 2020, so of course things can get worse, and they did with the recent unveiling of the Lawful Access to Encrypted Data Act of 2020. As Riana Pfefferkorn says on Stanford’s Center for Internet & Society blog, it “is a full-frontal nuclear assault on encryption in the United States.” Read on for her full take on the 50 pages and a comparison to the original EARN IT Act. Pfefferkorn calls out the false choice presented by these two bills by unequivocally stating that “The lesser of two evils is still evil”. Take action with the EFF to tell your representatives to vote no to both.
- Following up on TSD-14, which mentioned the #BlueLeaks data leak: Twitter ended up suspending the account.
- In a contrast in police transparency, Vice has 2 recent stories, 1 from Detroit and 1 from California. In Detroit, publicly reported numbers around facial recognition are alarming at best. Those numbers are being published though, because there was public debate that led to regulations and regular reporting on usage beginning in 2019. In a recent meeting the police chief said “if we relied totally on the software, which would be against our current policy… If we were just to use the technology by itself, to identify someone, I would say 96 percent of the time it would misidentify.” Meanwhile in California, copyright claims are being used to block release of training material in accordance with a recently passed law.
Owl fun and facts:
The above tiny owl in a huge saguaro cactus is called a cactus ferruginous pygmy owl and is attempting to socially distance itself in Arizona but is finding it difficult. National Geographic is reporting on the extensive history of this at most 6′ tall owl and their current plight. The National Audubon Society also profiled this owl and other wildlife in reference to the border wall construction. The above image and much of the research from both articles was sourced from Aaron Flesch, a biologist at the University of Arizona’s Desert Lab, who continues to study this and other animals in the desert.
A Shout Out:
Today at a virtual fwd:cloudsec, Nick Jones from F-Secure debuted a brand new tool called Leonidas, “a framework for executing attacker actions in the cloud”. Check out this Twitter thread for an overview of the talk, and keep checking back for videos of all of the talks, which will be posted soon!
That’s owl for now!