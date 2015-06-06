

Security: Information Operations Kill Chain, Reproducible Builds, Dynamic Application Security Testing

Submitted by Roy Schestowitz on Monday 6th of May 2019 04:13:20 PM. Filed under: Security
  • Towards an Information Operations Kill Chain

    On a similar note, it's time to conceptualize the "information operations kill chain." Information attacks against democracies, whether they're attempts to polarize political processes or to increase mistrust in social institutions, also involve a series of steps. And enumerating those steps will clarify possibilities for defense.

    I first heard of this concept from Anthony Soules, a former National Security Agency (NSA) employee who now leads cybersecurity strategy for Amgen. He used the steps from the 1980s Russian "Operation Infektion," designed to spread the rumor that the U.S. created the HIV virus as part of a weapons research program. A 2018 New York Times opinion video series on the operation described the Russian disinformation playbook in a series of seven "commandments," or steps. The information landscape has changed since 1980, and information operations have changed as well. I have updated, and added to, those steps to bring them into the present day: [...]

  • Reproducible Builds in April 2019

    As a quick recap, whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed to end users pre-compiled. The motivation behind the reproducible builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

  • 3 Opensource Tools for DAST

    DAST, or Dynamic Application Security Testing, is a method of black-box penetration testing. To understand why DAST is preferred over SAST, let’s take an example. Let’s assume you bought a new car, and you are ready for a test drive. You start the engine, it works, but when you try to stop the vehicle, the brake doesn’t work. You now know that you have a problem; you don’t know what it is, but there is a problem. The DAST approach will consist of testing the brakes and related parts, whereas the SAST approach will completely disassemble the car to look for a flaw. Although the SAST approach might look more precise, it is at the same time very overwhelming; the DAST approach, on the other hand, is more practical and real-world.

Back End: OpenStack, Kubernetes and Mirantis

  • My summary of the OpenStack Train PTG aka Denver III
    This was the first re-combined event with both summit and project teams gathering happening in the same week and the third consecutive year that OpenStack has descended on Denver. This is also the first Open Infrastructure summit - the foundation is expanding to allow other non-OpenStack projects to use the Open Infrastructure foundation for housing their projects. This is a brief summary with pointers of the sessions or rooms I attended in the order they happened. The full summit schedule is here and the PTG schedule is here.
  • Running networking labs over Kubernetes with Antidote
    I’ve just come across Antidote, a recent project that aims at running networking-oriented labs over Kubernetes. It is developed by members of the Network Reliability Engineering community (Juniper-related, AFAIU), to power the NRE Labs platform. It looks very similar to other platforms that allow you to run labs remotely in consoles opened on cloud machines, alongside lab instructions. I find it interesting as the code is published under a FLOSS license (Apache), and seems to be runnable over any Kubernetes installation: you can test it with Minikube through the selfmedicate repo.
  • [SUSE] Kubernetes – the not so secret ingredient to enterprise success
    Five years ago, the word Kubernetes rang familiar to no one. Fast forward to today and it’s become one of the most well-known container management systems across the globe. Its popularity has grown so much that it’s been recently declared the leading system in the “war for container orchestration dominance” by Forrester in its 2018 cloud predictions. As it stands, almost 4,000 organisations across the world use Kubernetes, and CIOs within every industry consider it to be the management system of choice – especially when dealing with DevOps. It has seen such success that many of the major cloud providers, such as Microsoft and Amazon, have integrated it into their application infrastructure.
  • Configure On-Premise Cloud Environments In Minutes
    Mirantis has launched a web-based SaaS application to help users deploy a compact cloud and experience the flexibility and agility of Infrastructure-as-Code. Model Designer for Mirantis Cloud Platform (MCP) is said to help infrastructure operators build customized, curated, exclusively open source configurations for on-premise cloud environments.

