From Security Weekly WikiJump to navigationJump to search
, 21:15, 12 November 2020
#[https://medium.com/oreillymedia/container-security-threats-38649261fb4f Container Security Threats] - Good high-level article. There is this: ''Least privilege: You can give different containers different sets of privileges, each minimized to the smallest set of permissions it needs to fulfill its function.'' There is a lot to unpack in that one sentence as there are many sets of privileges (the container user, file system permission, capabilities, AppArmor, Seccomp, etc...).
#[https://www.schneier.com/blog/archives/2020/11/the-security-failures-of-online-exam-proctoring.html The Security Failures of Online Exam Proctoring] - Interesting: ''The remote proctoring industry offers a range of services, from basic video links that allow another human to observe students as they take exams to algorithmic tools that use artificial intelligence (AI) to detect cheating. But asking students to install software to monitor them during a test raises a host of fairness issues, experts say. “There’s a big gulf between what this technology promises, and what it actually does on the ground,” said Audrey Watters, a researcher on the edtech industry who runs the website Hack Education. “(They) assume everyone looks the same, takes tests the same way, and responds to stressful situations in the same way.”''
#[https://arstechnica.com/information-technology/2020/11/researchers-find-way-to-revive-kaminskys-2008-dns-cache-poisoning-attack/ DNS cache poisoning, the Internet attack from 2008, is back from the dead]
#[https://www.zdnet.com/article/google-patches-two-more-chrome-zero-days/ Google patches two more Chrome zero-days | ZDNet]
#[https://www.securityweek.com/term-threat-intelligence-poisoned-it-does-not-mean-what-you-think-it-means The Term "Threat Intelligence" is Poisoned. It Does Not Mean What You Think it Means. | SecurityWeek.Com]