From Security Weekly Wiki
- Exit Stage Left: Eradicating Security Theater from processes and policies in how we build secure software. Check out the video as well. It's an important topic that we wanted to revisit from last episode.
- Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe also revisits consequence-driven engineering from last episode, and shows why passwordless defaults have different context based on what the device is meant to do. Industrial music on your IoT speakers is a little different than industrial systems on your IoT.
- Update for the removal of Adobe Flash Player: October 27, 2020 shows how to truly end-of-life an application -- you have to downgrade or restore your system to before this patch if you ever want to use Flash again (you don't).
- AWS Nitro Enclaves – Isolated EC2 Environments to Process Confidential Data is based on a system that can attest to the integrity of its boot process, and is similar to Asylo on GCP.
- Home Depot Confirms Data Breach in Order Confirmation SNAFU is a good reminder that data breaches don't always need an external compromise or a cloud misconfiguration -- system errors and software mistakes can be just as dangerous, and can be just as important to your threat modeling discussions.
- Link Previews: How a Simple Feature Can Have Privacy and Security Risks in all sorts of apps, from email to chat to web sites with user-generated content. Most apps that process links have to consider these implications, which means most DevOps teams should be adding them to threat modeling discussions.
- Getting started in macOS security has some useful resources for macOS security. And, of course, there's the Apple Platform Security documentation that gives an overview of security components.