Russia Says NSA Hacked iOS With Apple’s Help — we Triangulate Kaspersky’s Research - Security Boulevard

Tit-For-Tat #Triangulation Trojan Talk:

#NSA inserted #backdoors into #iOS, says #FSB, allowing @NSAGov to spy on #Russian officials and foreign diplomats.@Kaspersky dubbed it #Triangulation. In today’s #SBBlogwatch, we wonder why it took 4 YEARS to find. At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoojilKI7M

— @Richi 🤓 Jennings (@RiCHi) June 2, 2023

Dev Jobs are Dead: ‘Everyone’s a Programmer’ With AI ¦ Intel VPUs - DevOps.com

The moral of the story: Too many of us are not living our dreams because we are living our fears

In this week’s #TheLongView:
1⃣ @Nvidia’s CEO grabs headlines by saying your career is toast, and
2⃣ @Intel is still fighting.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Ym8m7piEbD #DevOps $NVDA $INTC

— @Richi 🤓 Jennings (@RiCHi) June 1, 2023

‘Extinction risk’: Could AI wipe out humans via software backdoors? - ReversingLabs

Generative, schmenerative:

Industry warns of doom unless #AI tamed. Today’s #GenerativeAI models are writing semi-decent code—shouldn’t we worry we’re prepping ground for Skynet?

In this week’s #SSBlogwatch we need your clothes, your boots and your motorcycle. For @ReversingLabs: https://t.co/A0B3AP8Et7

— @Richi 🤓 Jennings (@RiCHi) May 31, 2023

‘Predator’ — Nasty Android Spyware Revealed - Security Boulevard

‘Alien’ Technology:

#Malware used by nation-states to target journos, activists and opposition pols gets deconstructed. Its fast, silent attack is frightening.#Predator runs on #iOS and #Android. In today’s #SBBlogwatch, we unpick it. At @TechstrongGroup’s @SecurityBlvd: https://t.co/mP7WeUHZXy

— @Richi 🤓 Jennings (@RiCHi) May 30, 2023

COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT - Security Boulevard

IEC 60870-5-104 ‘insecure by design’:

New #malware that disrupts #electricity #grid​s. The threat, dubbed #COSMICENERGY, shares DNA with other nasties.

And, yes, it appears to come from #Russia. In today’s #SBBlogwatch, we беспокоимся о будущем. At @TechstrongGroup’s @SecurityBlvd: https://t.co/60TFPSqTH6 #ICS

— @Richi 🤓 Jennings (@RiCHi) May 26, 2023

US DoJ Makes PyPI Give Up User Data ¦ Tape Storage: Not Dead - DevOps.com

The moral of the story: The report of my death has been grossly exaggerated

In this week’s #TheLongView:
1⃣ @PyPI complies with a “string of subpoenas,” and
2⃣ #LTO continues to grow, despite predictions of its demise.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/a9wWCbJgCv #DevOps

— @Richi 🤓 Jennings (@RiCHi) May 25, 2023

‘BrutePrint’ Unlocks Android Phones — Chinese Researchers - Security Boulevard

SPI/TEE MITM FAIL:

A brace of 0-days allow them to unlock @Android phones with a fake #fingerprint. They’ve dubbed it #BrutePrint.

Check your #ThreatModel for broken #biometrics. In today’s #SBBlogwatch, we touch on all the issues.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/iGrXGStaae

— @Richi 🤓 Jennings (@RiCHi) May 24, 2023

PyPI paused as automated attack overwhelms admins - ReversingLabs

Python team needs a rest:

:@PyPI under attack from bots at weekend. Bad actors submitting malicious packages with names similar to established deps.

Yet another scary illustration of fragile #SoftwareSupplyChain​s. In this week’s #SSBlogwatch we look deeper.

For @ReversingLabs: https://t.co/ahUzInOJjM

— @Richi 🤓 Jennings (@RiCHi) May 23, 2023

Facebook Fined $1.3B — Zuckerberg Furious in GDPR Fight - Security Boulevard

GDPR Move for Mark’s Money: No legal way to move Europeans’ data to the US since 2015. Cloud industry better take note.

:@EUintheUS slaps €1.2B fine on @Meta. For @Facebook’s illegal processing of data in US—where there’s no #privacy law.

It’s taken 10 years already. In #SBBlogwatch, we see this rumbling on for another decade.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/cb6h0Zk1aO #GDPR

— @Richi 🤓 Jennings (@RiCHi) May 22, 2023

Google Chrome 3rd Party Cookies Crumbling — Finally! - Security Boulevard

Om Nom Nom Nom Nom: #PrivacySandbox inching towards reality. But concerns remain.

:@Google’s plan to kill the #3rdPartyCookie is moving forward.

The #PrivacySandbox #AdTech APIs are close to being finalized, but more testing needs done. In today’s #SBBlogwatch, we can’t wait another 18 months.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/Zq08qpKL7w

— @Richi 🤓 Jennings (@RiCHi) May 19, 2023

OpenAI to go Open Source — Elon Musk was a ‘Huge Idiot’ ¦ Mojo Risin’ - DevOps.com

The moral of the story: If they say I never loved you, you know they are a liar

In this week’s #TheLongView:
1⃣ Sources say it’s an #OpenSource future for @OpenAI, and
2⃣ Improving #AI #perf with #MojoLang.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bh0Jgu1sGb #DevOps

— @Richi 🤓 Jennings (@RiCHi) May 18, 2023

MSI UEFI key breach: How safe are YOUR secrets?

OEM OMG: No HSM

Last month’s @MSItweets data theft causing panic: Extremely sensitive signing #keys have been found among the leaked data.

If nothing else, there are important lessons to learn. In this week’s #SSBlogwatch we lock up our secrets.

For @ReversingLabs: https://t.co/QIJL1wXoun

— @Richi 🤓 Jennings (@RiCHi) May 17, 2023

TSA Facial Recognition Pilot Flies Solo at U.S. Airports - Security Boulevard

Your Tinfoil Hat is Under Your Seat: Prepare to have your face scanned at airport security.

:@TSA is piloting a way to match scans of your face with the ID you present at security.

But there are #privacy concerns—are they justified? In today’s #SBBlogwatch, we kick the tires and light the fires.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/4b4S4x3kFi

— @Richi 🤓 Jennings (@RiCHi) May 16, 2023

Microservices Sucks — Amazon Goes Back to Basics - DevOps.com

The moral of the story: Life shrinks or expands in proportion to one’s courage

In #TheLongView: @Amazon @PrimeVideo has ditched its use of #microservices-cum-​#serverless, reverting to a traditional, #monolithic architecture. It vastly improved the workload’s cost and #scalability.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/pGSObEIwSe #DevOps

— @Richi 🤓 Jennings (@RiCHi) May 10, 2023

Red teamers take on AI at DEF CON 31 - ReversingLabs

Near the Tannhäuser Gate:

At @DEFCON 31, #infosec researchers can compete to find vulns in the new generation of #LLM #generativeAI.

From bias, to hallucination and jailbreaks, expect much egg on face. In this week’s #SSBlogwatch we prime for prompt action. For @ReversingLabs: https://t.co/bhxGToJADr

— @Richi 🤓 Jennings (@RiCHi) May 9, 2023

Knives Out for TikTok as Journo Reveals her Spy Story - Security Boulevard

Clock Ticking for U.S. Ban: FT’s Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok.

Reporter “surveilled” by @TikTok_US staff. Saga left @CristinaCriddle “on edge,” losing sleep and asking, “What is #TikTok?”@ByteDanceTalk denies spying. In today’s #SBBlogwatch, we feel direction wind is blowing. At @TechstrongGroup’s @SecurityBlvd: https://t.co/fx1A8QlLqa

— @Richi 🤓 Jennings (@RiCHi) May 8, 2023

Dallas Reels from Royal Ransomware Raid - Security Boulevard

Royal, née Zeon, born of Conti: Police, 911, courts and other city services staggering to recover

#Dallas still paralyzed from Monday’s #ransomware attack. City IT badly affected—including @DallasPD, 911 dispatch, courts. #Royal ransomware group is perp.

In today’s #SBBlogwatch, we shot J.R. (ask your parents).

At @TechstrongGroup’s @SecurityBlvd: https://t.co/ovMfFAL4dz

— @Richi 🤓 Jennings (@RiCHi) May 5, 2023

FIDO/WebAuthn Passkeys is Inevitable: Get on the Train ¦ IBM CEO Hates WFH - DevOps.com

The moral of the story: The two most important days in your life are the day you are born and the day you find out why

In this week’s #TheLongView:
1⃣ The #Passkeys #authentication standard gets a huge boost, and
2⃣ @IBM’s @ArvindKrishna wants workers back in the office.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/myY00RiYsf #DevOps #DevSecOps #2FA #WFH

— @Richi 🤓 Jennings (@RiCHi) May 4, 2023

SolarWinds hack: Did DoJ know 6 months earlier? - ReversingLabs

DoJ on down-low for half a year:

What did @TheJusticeDept know about the @SolarWinds fiasco? How early did it find out? And who did it tell?

It’s complicated. But Hanlon’s razor probably applies. In this week’s #SSBlogwatch we look at the story from all sides. For @ReversingLabs: https://t.co/cunYTPlzYO

— @Richi 🤓 Jennings (@RiCHi) May 3, 2023

New Apple ‘Rapid’ Update is Slow, Messy FAIL - Security Boulevard

PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers.

:@Apple’s new #RapidSecurityResponse update is a mess. The whole thing seems a bit half-baked.

No doubt it’s important to install. In today’s #SBBlogwatch, we’re in the dark—because there aren’t any release notes.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/1dgcYPvzEw

— @Richi 🤓 Jennings (@RiCHi) May 2, 2023

Rust in Windows — it’s Official — Safe and Fast - Security Boulevard

40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language.

Yes, @Microsoft loves @RustLang: It’s rewriting some of @Windows in #Rust. #Security VP @dwizzzleMSFT reveals more, to the excitement of many.

In today’s #SBBlogwatch, we can’t wait for the next #Insider build. At @TechstrongGroup’s @SecurityBlvd: https://t.co/vKeFXQbslb

— @Richi 🤓 Jennings (@RiCHi) April 28, 2023

Linux 6.3: What’s New ¦ AWS Layoffs are a Worry - DevOps.com

The moral of the story: Every strike brings me closer to the next home run

In this week’s #TheLongView:
1⃣ A new #Linux kernel drops, and
2⃣ #layoffs at @AWScloud point to trouble.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/Mgt8eLrtsf #DevOps $AMZN #AWS

— @Richi 🤓 Jennings (@RiCHi) April 27, 2023

#RSAC is bustling — AI + security is huge: #StrongerTogether? - ReversingLabs

#RSAC #AI snacks #StrongerTogether:

At #RSAC, you can’t move for #AI chatter. How will it help with #SoftwareSupplyChain #security? And will it help bad actors?@MosconeCenter is full of people again. In this week’s #SSBlogwatch we believe the hype. For @ReversingLabs’ @SecuredSoftware: https://t.co/2SaXAzF1II

— @Richi 🤓 Jennings (@RiCHi) April 26, 2023

FINALLY! Google Makes 2FA App Useable — BUT There’s a Catch - Security Boulevard

2FA OTP ASAP?

:@Google’s #2FA #OTP app now remembers settings between installs. $GOOG’s #Authenticator app has been worse than useless.

But Google might have reduced your security. In today’s #SBBlogwatch, we sync our thoughts.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/OqBnSHvkZY

— @Richi 🤓 Jennings (@RiCHi) April 25, 2023

Governments Try to Ban Encryption (Yet Again) - Security Boulevard

CSAM: Déjà Vu

Yet again, they’re tugging on the “think of the children” strings.

Really? This tired old argument again? In today’s #SBBlogwatch, we repeat ad nauseam: You can’t make #math illegal.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/ZoFovPDZQ1

— @Richi 🤓 Jennings (@RiCHi) April 24, 2023

EU cyber laws ‘will’ make FOSS devs liable - ReversingLabs

The Python Software Foundation is very, very unhappy with the draft Cyber Resilience Act (CRA) and Product Liability Act (PLA).

European lawmakers want all software makers to be liable for security holes. Even non-profit or hobbyist developers could be sued for negligence.

The EU’s draft Cyber Resilience Act (CRA) and Product Liability Act (PLA) would “create a chilling effect” and do “irreparable harm,” according to the organization behind Python and PyPI. When replicated across other parts of the software supply chain ecosystem, we risk the whole house of cards crashing down — as devs race to limit their liability.

The goal might be laudable, but some aspects need a major rethink. In this week’s Secure Software Blogwatch, we fear unintended consequences.


Read more: EU cyber laws ‘will’ make FOSS devs liable

Drop Everything: Update Chrome NOW — 0-Day Exploit in Wild - Security Boulevard

It’s Help|About time:

:@GoogleChrome has high-severity vuln. Scrotes already exploiting it.#CVE20232033 is a nasty zero-day that needed @Google to rush out an emergency patch.

In today’s #SBBlogwatch, we head for the hamburger.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/KoDNHxIRyk

— @Richi 🤓 Jennings (@RiCHi) April 17, 2023

Western Digital Redux: My Cloud Alive Again, Ransom is $10M+ - Security Boulevard

Your Cloud — But For How Long?

10 days on, @WesternDigital #MyCloud drives are alive again. But #ransomware hackers want huge payday—or will release 10TB of pilfered private data.

In today’s #SBBlogwatch, we wonder if we can trust $WDC ever again.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/EQgCCON5st

— @Richi 🤓 Jennings (@RiCHi) April 14, 2023

Can ChatGPT Fix Bugs? ‘Wolverine’ Dev Says YES - DevOps.com

The moral of the story: Life’s tragedy is that we get old too soon and wise too late

In this week’s #TheLongView: Instead of #AI aids for #programming, what about for #debugging?

The pseudonymous @Bio_Bootloader says he’s persuaded #GPT4 to make his code self heal.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/mAODYklXQw #DevOps #ChatGPT

— @Richi 🤓 Jennings (@RiCHi) April 13, 2023

‘But His Emails!’ — Ukrainian Hackers Hack Hillary Hacker - Security Boulevard

Beware Fancy Bears Bearing Gifts:

Confirms #DCLeaks caper was by #APT28. #Russian #GRU officer #SergeyMorgachev wanted by @FBI for influencing 2016 #election. And now he’s been doxxed—hackers ordered sex toys.

In today’s #SBBlogwatch, we dil-don’t. At @TechstrongGroup’s @SecurityBlvd: https://t.co/vSK7NdipXi

— @Richi 🤓 Jennings (@RiCHi) April 12, 2023

Has public USB ‘juice jacking’ made it into the wild? - ReversingLabs

Déjà vu, but carry protection:

🫣@FBIDenver last week warned folks not to plug into public #USB charging stations.

As more and more laptops can charge via USB PD, traveling #DevOps staff (with credentials etc.) need to be aware.

In this week’s #SSBlogwatch, we remember DEF CON 19: https://t.co/i3mhj08HV3

— @Richi 🤓 Jennings (@RiCHi) April 11, 2023

Yes, You CAN Steal This Car — by Opening the Fender - Security Boulevard

Car Makers: CAN You Not?
Thieves are prising open the front fenders of cars, just below the headlight. The idea is to get at the car’s data bus, known as CAN.

😱 @Toyota #RAV4 and many others vulnerable to #CANbus injection attack. Cars need #ZeroTrust too.

Scrotes CAN spoof the keyless ignition.

In today’s #SBBlogwatch, we bemoan lousy vehicle security design.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/3Sc49Cd1wB

— @Richi 🤓 Jennings (@RiCHi) April 10, 2023

Tesla Staff Shared Saucy Snaps of Customers (Sources Say) - Security Boulevard

I guess I’m banned from Twitter now: Tesla employees mocked and memeified private photos and videos. Firm’s message boards were full of the stuff.

After interviewing nine ex-employees, @Reuters alleges gross misconduct inside #Tesla: “#Private camera recordings, captured by cars, were shared in chat rooms.”

In today’s #SBBlogwatch, we break out the duct tape.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/u97atBZQUT

— @Richi 🤓 Jennings (@RiCHi) April 7, 2023

Android Apps Must Let Users Delete Data ¦ RISC-V in the Data Center - DevOps.com

The moral of the story: Live in the sunshine, swim the sea, drink the wild air

In this week’s #TheLongView:
1⃣ @Google forces apps to make deleting users’ data easier,
2⃣ the @RISC_V drumbeat grows louder.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/PpTTz4PPhD #DevOps @Calista_Redmond @AndroidDev

— @Richi 🤓 Jennings (@RiCHi) April 6, 2023

With Twitter code in the wild, DevSecOps doubts surface - ReversingLabs

Blue bird b0rked:

First, @Twitter’s source code was leaked. Then it open-sourced its #ranking algorithm.

In this week’s #SSBlogwatch we ponder the unintended consequences of “transparency.”

For @ReversingLabs’ @SecuredSoftware: https://t.co/SOnU3SFz3V

— @Richi 🤓 Jennings (@RiCHi) April 6, 2023

TikTok Abused Kids’ Data — UK Fines it $16 Million - Security Boulevard

This is Fine: $8.50 per Child
UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children.

3/ In other news, #Australia bans the app from federal phones, making it the fifth eye to close.

In today’s #SBBlogwatch, we sip our coffee, oblivious to the events unfolding currently.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/KfSJ652phF

— @Richi 🤓 Jennings (@RiCHi) April 4, 2023

Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!) - Security Boulevard

Déjà Vu: Not Your Cloud
Hack of WD systems leads to My Cloud service outage. Owners unable to access files.

3/ Bizarrely, even though users have local files on the NAS, they’re *inaccessible*.

In today’s #SBBlogwatch, we shrug and shuck.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/iiJOzVR05P

— @Richi 🤓 Jennings (@RiCHi) April 3, 2023

npm is Scam-Spam Cesspool ¦ Google in Microsoft Antitrust Thrust - DevOps.com

The moral of the story: Life would be tragic if it weren’t funny

In this week’s #TheLongView:
1⃣ The @npmJS #npm #repo suffers #spam infestation, and
2⃣ Microsoft @Azure makes @GoogleCloud sad.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/7Dx18QMc2T #DevOps

— @Richi 🤓 Jennings (@RiCHi) March 31, 2023

Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites - Security Boulevard

UK NCA: No Way
UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies.

3/ The theory goes that an early slap on the wrist can stop people becoming hardened #cybercriminals.

In today’s #SBBlogwatch, we’re a tiny bit skeptical, your majesty.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/zjtZKoRmkb

— @Richi 🤓 Jennings (@RiCHi) March 30, 2023

Do you trust AI to find app sec holes while you sleep? - ReversingLabs

Purr-fect? Or cat-astrophe?
Microsoft has turned OpenAI’s LLM onto cybersecurity. “Security Copilot” is its name for conversational, ChatGPT security analysis and monitoring.

Or, at least, so says #Microsoft.

In this week’s #SSBlogwatch we wonder whether to believe the hype.

For @ReversingLabs’ @SecuredSoftware: https://t.co/TMl9H2xe08 #AI #ML #GPT #GPT4 #ChatGPT #ChatGPT4

— @Richi 🤓 Jennings (@RiCHi) March 30, 2023

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

NARRATOR: It didn’t
Federal Communications Commission rules to block illegal text messages. What took you so long?

Sadly, this is likely to be as useful as the Commission’s rules about spoofed calls (i.e., not at all).

In today’s #SBBlogwatch, we ask if it’ll have the desired effect.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/0kOncwKKxh

— @Richi 🤓 Jennings (@RiCHi) March 17, 2023

Scams Lost US $10 BILLION in 2022 — Crypto Fraud Grows Fast - Security Boulevard

Ben is disappointed: FBI reports huge rise in cryptocurrency investment scams. Why am I not surprised?

It makes terrifying reading.

In today’s #SBBlogwatch, we duck and cover.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/iJs11FktrI

— @Richi 🤓 Jennings (@RiCHi) March 16, 2023

GitHub enforces 2FA — it’s about time (given the state of supply chain security) - ReversingLabs

What took you so long, @Microsoft?

This week’s #SSBlogwatch for @ReversingLabs’ @SecuredSoftware: https://t.co/hJnLLAR8Zf #2FA #MFA #SoftwareSupplyChain

— @Richi 🤓 Jennings (@RiCHi) March 15, 2023

SVB: When Silly Valley Sneezes, DevOps Catches a Cold - DevOps.com

The moral of the story: Good friends, good books and a sleepy conscience: This is the ideal life

In this week’s #TheLongView: #SiliconValleyBank and what it means for #DevOps. Your salary is safe, but who’s to blame?

Perhaps we just need *more* SVBs, so the risk doesn’t get concentrated in one bank.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/4tldSt3c8r #SVB

— @Richi 🤓 Jennings (@RiCHi) March 14, 2023

White House to Regulate Cloud Security: Good Luck With That - Security Boulevard

Be careful what you wish for: Biden administration wants new regulations for cloud providers. But we’re not sure it’ll help.

3/ The internet disagrees.

In today’s #SBBlogwatch, we unpick the arguments.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/xnkBuf6Nmu

— @Richi 🤓 Jennings (@RiCHi) March 13, 2023

‘Extraordinary, Egregious’ Data Breach at House and Senate - Security Boulevard

Capitol Trouble: Senators, representatives and staffers suffer PII leak: Could it finally kickstart some action?

3/ By the people, for the people?

In today’s #SBBlogwatch, we wait to see how equal we really are.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/KQDiXatBnP

— @Richi 🤓 Jennings (@RiCHi) March 10, 2023

Ban TikTok, say FBI, CIA, NSA, DNI, GOP, DNC, POTUS (but not ACLU) - Security Boulevard

R.E.S.P.E.C.T. RESTRICT
The White House and both sides of the Senate agree: TikTok needs to be stopped—or at least RESTRICT’ed. A bipartisan bill seeks to make that happen.

This alphabet soup surely means a ban /will/ happen.

In today’s #SBBlogwatch, we refresh our FYPs while we still can.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/IkY8haRQhv

— @Richi 🤓 Jennings (@RiCHi) March 9, 2023

Linux Tweak Brings Big Speedup ¦ DCs in SPAAACE (Redux) ¦ Atlassian Fires 500 - DevOps.com

The moral of the story: You have brains in your head. You have feet in your shoes. You can steer yourself any direction you choose.

In this week’s #TheLongView:
1⃣ @Intel optimizes #Linux multithreaded networking,
2⃣ #DataCenters in #space (again), and
3⃣ more #DevOps toolmaker #layoffs.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/4ZDCq9LweN

— @Richi 🤓 Jennings (@RiCHi) March 8, 2023

White House cyber strategy: A love/hate story - ReversingLabs

A thin line: The Biden administration’s new cybersecurity strategy will, among other things, punish big software developers for failing to follow best practices. And, for the first time, it will make them liable.

3/ Naturally, it’s dividing opinions.

As usual, in this week’s #SSBlogwatch we’re not going to tell you what to think.

For @ReversingLabs’ @SecuredSoftware: https://t.co/n6ZhKsK2YS

— @Richi 🤓 Jennings (@RiCHi) March 7, 2023

Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma - Security Boulevard

“Wolfie’s fine, honey”
Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents.

3/ Stop the world. In today’s #SBBlogwatch, we want to get off.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/64cGC0Grd5

— @Richi 🤓 Jennings (@RiCHi) March 6, 2023

Microsoft FAIL: ‘BlackLotus’ Bootkit Breaks Secure Boot - Security Boulevard

UEFI DBX Ignored for 13 Months: BlackLotus malware targets UEFI Secure Boot. For a mere $5000, you too can own it.

3/ Naïvely negligent or perfectly pragmatic?

In today’s #SBBlogwatch, we dig in and find out.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/kIO161g89k

— @Richi 🤓 Jennings (@RiCHi) March 3, 2023

LinkedIn Job Scams: Out of Hand ¦ 4-Day Workweek: Let’s Get Serious - DevOps.com

The moral of the story: Life is 10% what happens to you and 90% how you respond to it

In this week’s #TheLongView:
1⃣ Don’t get scammed looking for a job, and
2⃣ momentum grows for the 32-hour working week.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/P1LbbJSjpo #DevOps

— @Richi 🤓 Jennings (@RiCHi) March 2, 2023

LastPass revelations: BIG lessons for DevSecOps teams - ReversingLabs

Yearnings for learnings: LastPass has revealed a little more about the vault breach that occurred during August last year. And there are big, big lessons to be learned for Dev(Sec)Ops.

And waddya know? The PC was infected with a #keylogger.

In this week’s #SSBlogwatch we facepalm, furiously.

For @ReversingLabs’ @SecuredSoftware: https://t.co/ySjfUL4sey #LastPass

— @Richi 🤓 Jennings (@RiCHi) March 1, 2023

US Marshals Ransomware Hack is ‘Major Incident’ - Security Boulevard

Useless USMS?
The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly).

Your tax dollars NOT at work.

In today’s #SBBlogwatch, we lose patience.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/NrCJDiiyDS

— @Richi 🤓 Jennings (@RiCHi) February 28, 2023

‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels - Security Boulevard

Google’s not Looking, so You’re Blind: Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into Google’s app store.

3/ Oh, what a tangled web we weave.

In today’s #SBBlogwatch, we struggle to be brief.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/LXa1NJagnj

— @Richi 🤓 Jennings (@RiCHi) February 24, 2023

WTH? WFH is 6× Pre-Covid ¦ Plus: Agile Sucks (Redux) - DevOps.com

The Moral of the Story: Life is like a coin—you can spend it any way you wish, but you only spend it once

In this week’s #TheLongView:
1⃣ Working from home #WFH is here to stay, and
2⃣ #Agile is still a failure.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/e7eZXyPq0w #DevOps

— @Richi 🤓 Jennings (@RiCHi) February 23, 2023

Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked - Security Boulevard

I’m Sorry, Dave: Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days.

3/ Amateurs. In today’s #SBBlogwatch, we seek professional help.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/dF4Gk01OuM

— @Richi 🤓 Jennings (@RiCHi) February 22, 2023

Lesson from Core-JS: Beware hidden dependencies from indebted Russian devs - ReversingLabs

This is not a drill: Denis Pushkarev has big debts — and his code is EVERYWHERE.
The Code-JS project is absolutely huge. Perhaps your project has a dependency on it? The likelihood is you’d never know.

The #SoftwareSupplyChain #security alarm should be at DEFCON 2 by now.

In this week’s #SSBlogwatch we sum up the situation at fast pace.

For @ReversingLabs’ @SecuredSoftware: https://t.co/LkVjR4i6Bg

— @Richi 🤓 Jennings (@RiCHi) February 22, 2023

GoDaddy Hosting Hacked — for FOURTH Time in 4 Years - Security Boulevard

4th Time’s a Charm: GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware.

3/ Hey, @GoDaddy: It’s bad enough you keep reporting hacks—but the same hack you failed to clean up previous times? INEXCUSABLE.

In today’s #SBBlogwatch, we note the trouble started when CEO moved from Expedia.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/M1hMQdZ62Q

— @Richi 🤓 Jennings (@RiCHi) February 20, 2023

‘Serious’ Ransomware Emergency in Oakland, Calif. — Legacy FAIL - Security Boulevard

Transparency: We’ve Heard of It
Oakland is still reeling from last week’s ransomware attack. San Francisco’s poorer neighbor is asking for help.

In the meantime, #Oakland’s not even saying if the public’s private information is at risk.

In today’s #SBBlogwatch, we dig below the surface.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/Ie54YtdBYj

— @Richi 🤓 Jennings (@RiCHi) February 17, 2023

Dev of core-js Will Flip Table ¦ Another 451 PyPI Maldeps - DevOps.com

The moral of the story: The healthiest response to life is joy

In this week’s #TheLongView:
1⃣ Denis “@zloirock” Pushkarev is fed up with #CoreJS freeloaders, and
2⃣ hundreds more malicious packages found at @PyPI.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/bHIuuKuFp5 #DevOps

— @Richi 🤓 Jennings (@RiCHi) February 16, 2023

Lessons from ChatGPT, Bing AI, Bard and Copilot: Chatty AI is just a toy - ReversingLabs

Beep, boop; hope, hype: Generative AI isn't ready for prime time. So don't play games with your software development. After the uncritical, hyperbolic stories last week, here comes the fable: The innocent child inconveniently points at Microsoft’s Bing AI demo as if it was a naked emperor.

Some of the mistakes they’re making are absolute howlers.

In this week’s #SSBlogwatch we write one word after another.

For @ReversingLabs’ @SecuredSoftware: https://t.co/Gx5IP8jsYW

— @Richi 🤓 Jennings (@RiCHi) February 15, 2023

Your Mental Health Data for Sale or Rent — 20¢ - Security Boulevard

US GDPR ASAP: Data brokers are selling PII about mental health conditions—such as depression, anxiety, bipolar disorder, PTSD and OCD.

TIL Saint Valentine is also the patron saint of #epilepsy.

In today’s #SBBlogwatch, we love #privacy.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/RA7bAwvIsb

— @Richi 🤓 Jennings (@RiCHi) February 14, 2023

Reddit Hacked — 2FA is no Phishing Phix - Security Boulevard

Snoo Boo Boo: Reddit got hacked with a “sophisticated” spear phishing attack. The individual victim was an employee who clicked the wrong email link.

#FIDO2 / #WebAuthn to the rescue?

In today’s #SBBlogwatch, we open a stopwatch app to time the arms race.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/Kgoqr28BDy #phishing #MFA

— @Richi 🤓 Jennings (@RiCHi) February 10, 2023

Amazing Fast Crypto for IoT — US NIST Fingers ASCON - Security Boulevard

CAESAR Winner Wins Again: Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill.

3/ It’ll be useful on cheap, tiny devices such as #RFID chips (pictured), which cost about 25¢ (also pictured).

In today’s #SBBlogwatch, in #NIST we trust—or do we?

At @TechstrongGroup’s @SecurityBlvd: https://t.co/BJhZlTQFi2

— @Richi 🤓 Jennings (@RiCHi) February 9, 2023

Voice.ai ‘Stole’ Code ¦ AWS Gets Filthier - DevOps.com

The moral of the story: Life is a succession of lessons which, must be lived to be understood

In this week’s #TheLongView:
1⃣ Alleged theft of #GPL code by @getVoiceAI, and
2⃣ @Amazon will run its @AWSCloud #datacenters on gas.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/kr0OeCTPXj #DevOps

— @Richi 🤓 Jennings (@RiCHi) February 8, 2023

C-SCRM: We’re from the government — and we’re here to help with software supply chain security - ReversingLabs

CISA and FASC and NIST — oh my!
A whole alphabet soup of agencies, offices and councils are springing up in D.C. and beyond. They’re trying to help us with the software supply chain security problem.

3/ Sounds terrifying.

In this week’s #SSBlogwatch we remember Ronald Reagan.

For @ReversingLabs’ @SecuredSoftware: https://t.co/ribZWAd9BZ

— @Richi 🤓 Jennings (@RiCHi) February 7, 2023

Dutch Cops Bust ‘Exclu’ Messaging Service, Arrest 42 - Security Boulevard

Exclu Sieve: Crims are Dim
Police in the Netherlands broke open alleged drugs gangs by hacking an encrypted messenger service, Exclu. Lives were saved and alleged perps arrested.

3/ I think we can assume WhatsApp and Signal are still safe.

In today’s #SBBlogwatch, we have nothing to hide.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/FKB5eQdT7G

— @Richi 🤓 Jennings (@RiCHi) February 6, 2023

Anker’s Eufy Admits ‘Lie’ After TWO Months — Still no Apology - Security Boulevard

Euf***ed Up — Again: Anker said its Eufy cameras never send unencrypted video. But a couple of months ago, researchers discovered they did. Despite the clear evidence, Anker denied, delayed and deflected.

We waited 65 days for this?

In today’s #SBBlogwatch, we’re done with the Anker brand.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/fReUMYqynm

— @Richi 🤓 Jennings (@RiCHi) February 3, 2023

OpenAI Hires 1,000 Low Wage Coders to Retrain Copilot | Netflix Blocks Password Sharing - DevOps.com

The moral of the story: Life is like riding a bicycle: To keep your balance, you must keep moving

In this week’s #TheLongView:
1⃣ #ChatGPT darling @OpenAI wants people to write code in English, and
2⃣ the unintended consequences of blocking shared accounts at @Netflix.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/pXmthwdl4K #DevOps $MSFT $NFLX

— @Richi 🤓 Jennings (@RiCHi) February 2, 2023

‘Finish Him!’ US Kills Huawei With Final Tech Ban - Security Boulevard

“Splendid Achievement”
The federal government has cut off Huawei’s last sources of technology. Export licenses for chips and other tech components are finished.

3/ And what of the unintended consequences?

In today’s #SBBlogwatch, we prepare for all-out economic warfare.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/SzokqDZBIc

— @Richi 🤓 Jennings (@RiCHi) February 1, 2023

Google's open source team layoffs: Your software supply chain security is at risk - ReversingLabs

Don’t be evil: Google has laid off many leading lights of the open source world. This will have a profound effect on software supply chain security.

Patronage from firms such as Google was key to security-critical open source projects — e.g., #BoringSSL, #Samba and @KubernetesIO.

In this week’s #SSBlogwatch will the last to leave please turn off the lights?

For @ReversingLabs’ @SecuredSoftware: https://t.co/YkwlxdPbG5

— @Richi 🤓 Jennings (@RiCHi) February 1, 2023

Another Password Manager Leak Bug: But KeePass Denies CVE - Security Boulevard

‘Nihilistic; Dismissive’
Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw.

3/ This strikes many as dangerous.

However, Reichl blames the victim, saying an exploit would be the notional user’s fault for using an insecure device.

In today’s #SBBlogwatch, we dig in.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/dAe0UIjlZ0

— @Richi 🤓 Jennings (@RiCHi) January 31, 2023

‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al - Security Boulevard

Site Seized; Russians Riled: The ransomware scrotes known as Hive got pwned this week. Their servers are no more.

3/ Six months of secret work has paid off, we’re told.

In today’s #SBBlogwatch, мы заняты пчелы.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/y8oFdBlzVo

— @Richi 🤓 Jennings (@RiCHi) January 27, 2023

Microsoft Outage Outrage: Was it BGP or DNS? - DevOps.com

The moral of the story: Life imposes things on you that you can’t control, but you still have the choice of how you’re going to live through this

#TheLongView: All of @Microsoft’s cloud services go down, everywhere. Redmond’s IaaS, PaaS and SaaS—incl @GitHub—were dead for hours, and are still running unreliably—despite Microsoft saying it’s fixed.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/BQfV23PBtU #DevOps

— @Richi 🤓 Jennings (@RiCHi) January 25, 2023

Move over, npm: Trust VS Code extensions at your own risk, dev teams - ReversingLabs

VSC Marketplace FAIL: It’s super easy to spoof Visual Studio Code extensions. And it’s incredibly hard to detect.

3/ It may also be present in @VisualStudio and @AzureDevOps.

In this week’s #SSBlogwatch we run and hide.

For @ReversingLabs’ @SecuredSoftware: https://t.co/fo19rhLAoX

— @Richi 🤓 Jennings (@RiCHi) January 24, 2023

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew - Security Boulevard

FBI TSC CSV on AWS S3: CommuteAir, a United Airlines puddle-jumper affiliate, leaked the federal government’s No-Fly and “Selectee” lists. Or, at least, a snapshot from 2019—totaling more than 1.8 million entries.

3/ I’m amazed it hasn’t happened before.

In today’s #SBBlogwatch, we say hello to our old friend maia arson crimew—@_nyancrimew.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/WgrpNc5vxd #CommuteAir

— @Richi 🤓 Jennings (@RiCHi) January 23, 2023

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks - Security Boulevard

Magenta Maladministration: T-Mobile US has been hacked yet again. In case you’re not keeping score, that’s the sixth time since 2018.

CEO @MikeSievert (pictured) should be un-happy.

In today’s #SBBlogwatch, we wonder if he might become un-CEO.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/xeh5a3HqTe

— @Richi 🤓 Jennings (@RiCHi) January 20, 2023

8-Bit Floating Point for AI/ML? | Amazon and Microsoft Shed Tech Jobs - DevOps.com

The moral of the story: You never really learn much from hearing yourself speak

In this week’s #TheLongView:
1⃣ New ideas bring low-power #ML inference, and
2⃣ more big-tech #jobs are going.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/z4wAPEsoif #DevOps $MSFT $AMZN

— @Richi 🤓 Jennings (@RiCHi) January 19, 2023

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’? - ReversingLabs

Good thing, or bad?
GitHub launches Code Brushes — a fascinating new “usable prototype” toolbox in the Copilot Labs Visual Studio Code extension. In theory, it can make your code more secure, easier to understand and more.

3/ But is it art?

In this week’s #SSBlogwatch we miss @BobRossOfficial’s amazing hair.

For @ReversingLabs’ @SecuredSoftware: https://t.co/Smd4JAgMQF

— @Richi 🤓 Jennings (@RiCHi) January 19, 2023

Another Password Manager Breach: NortonLifeLock Apes LastPass - Security Boulevard

Monkey123 See — Monkey123 Do: NortonLifeLock is warning customers their passwords are loose. First LastPass, now this?

3/ These things come in threes.

In today’s #SBBlogwatch, we wonder who’s next.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/VkX0g6vG9Q

— @Richi 🤓 Jennings (@RiCHi) January 16, 2023

Yikes, Control Web Panel has Critical RCE — Patch NOW - Security Boulevard

CWP RCE CVE POC BBQ: Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited right now.

It’s a 9.8 on the 10-point #CVSS scale.

In today’s #SBBlogwatch, we’re surprised it’s not a perfect 10.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/1SAdehYj9Z

— @Richi 🤓 Jennings (@RiCHi) January 13, 2023

FAA Ground Stop due to Technical Debt? | Don’t Do DIY Crypto! - DevOps.com

The moral of the story: Don’t settle for what life gives you—make life better and build something

In this week’s #TheLongView:
1⃣ The @FAANews’s #NOTAM database gets corrupted, and
2⃣ @ThreemaApp shows why DIY #cryptography is bad.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/3rMIcrbWTg #DevOps #crypto #TechicalDebt

— @Richi 🤓 Jennings (@RiCHi) January 12, 2023

If you don't love me now: JsonWebToken breaks the software supply chain (again) - ReversingLabs

JWT type confusion: Yes, here’s another example of the risks in uncontrolled software supply chains. This npm library is relied upon by countless apps and services — perhaps yours.

3/ The bug’s been fixed by @Auth0, after the #vulnerability was disclosed responsibly by @Unit42_intel.

In this week’s #SSBlogwatch we worry for people who don’t update.

For @ReversingLabs’ @SecuredSoftware: https://t.co/iBhPMnKOPO

— @Richi 🤓 Jennings (@RiCHi) January 11, 2023

Digital License Plates: Stupid, Pointless, Insecure - Security Boulevard

The ‘S’ in IoT is for Security: Reviver’s Rplate digital license plates are inherently insecure: Their design seems to be riddled with privacy holes, given the apparent lack of API security, which is easily defeated.

3/ It’s another silly #SiliconValley digitalization disaster.

In today’s #SBBlogwatch, we pity the fool.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/N7hzzSzUUZ #IoT #Rplate

— @Richi 🤓 Jennings (@RiCHi) January 10, 2023

CES 2023 FAIL: Worst in Show for Security and Privacy - Security Boulevard

This Happened in Vegas — it Should Stay in Vegas: The Consumer Electronics Show wrapped up yesterday. But some vendors faced stiff criticism over their privacy and security stances.

3/ This is the way.

In today’s #SBBlogwatch, we feel #fabulous.

At @TechstrongGroup’s @SecurityBlvd: https://t.co/D6tS8QhzMo

— @Richi 🤓 Jennings (@RiCHi) January 9, 2023

Southwest Airlines: ‘Shameful’ Technical Debt Bites Back - DevOps.com

The moral of the story: I like criticism. It makes you strong.

The débâcle of canceled flights was caused by decades of #TechnicalDebt. That’s the analysis of @Columbia prof @Zeynep. A lack of scalability in #SkySolver, $LUV’s crew sched. system, led to days of paralysis.

At @TechstrongGroup’s @DevOpsDotCom: https://t.co/y6XcUbuNMi #DevOps

— @Richi 🤓 Jennings (@RiCHi) January 5, 2023