July summary - 2017-07

07 July

• Dropbox Paper looks really good!
• There is even an app to link to GitHub https://github.com/maxking/paper-to-git
• Only if it was possible to make it public !?

Tech

Many surveys this month

• Secure Coding
• The JetBrains survey shows that static code analysis and code review are lagging behind other practices https://www.jetbrains.com/research/devecosystem-2017/#key-takeaways
• RiskyBiz podcast with Colin Domony (VeraCode, A code analysis tool). Discussed the divide between developer's reality and "security people" https://risky.biz/RB443/
• O'Reilly: "The alarming state of secure coding neglect: A survey reveals a deep divide between developer aspirations for security and organizational practices." https://www.oreilly.com/ideas/the-alarming-state-of-secure-coding-neglect
• https://www.oreilly.com/ideas/2017-ops-salary-survey?imm_mid=0f4434&cmp=em-webops-na-na-vleu17_nurture_em7_ops_salary_survey
• Infrastructure
• DNS and TLD can be a mess. Will have to read about DNSSEC also ... https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
• Using BGP to Acquire Bogus TLS Certificates: https://petsymposium.org/2017/papers/hotpets/bgp-bogus-tls.pdf You can spoof IP addresses by tricking BGP.
• OAuth
• As a "Google Suite" administrator, you can white list OAuth apps allowed to access your user's data https://gsuiteupdates.googleblog.com/2017/07/manage-access-to-third-party-apps-with.html
• Containers
• https://opensource.com/article/17/7/how-linux-containers-evolved
• http://www.networkcomputing.com/network-security/linux-container-security-10-essential-elements/932255289

Crypto

• Revokation: does this private key match this public key? Not an obvious question ! https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
• Hacker's mistakes testimony "Recovering data from a disk encrypted by #NotPetya with Salsa20" http://blog.ptsecurity.com/2017/07/recovering-data-from-disk-encrypted-by.html Point is that bad hacker's work is not top quality.
• ECC Tutorial https://Johannes-Bauer.com/compsci/ecc/

Politic

• Monopoly: "A Way to Own Your Social-Media Data" By LUIGI ZINGALES and GUY ROLNIK (JUNE 30, 2017) https://www.nytimes.com/2017/06/30/opinion/social-data-google-facebook-europe.html
• Quete de sens et "tâcherons de la suite Office" http://www.lemonde.fr/campus/article/2017/07/17/le-hipster-patissier-est-aujourd-hui-plus-valorise-que-le-cadre-sup-de-la-defense_5161299_4401467.html