Acquisitions and Supply Chains: The Achilles’ heel of Product/Organizational Security

(A reminder to folks expecting “R”/”data science” content: the feed for that is at https://rud.is/b/category/r/feed/ if you don’t want to see the occasional non-R/datasci posts.) Over at the $WORK blog we posted some research into the fairly horrible Cisco RV320/RV325 router vulnerability. The work blog is the work blog and this blog is my blog… Continue reading →

Certifiably Gone Phishing

Phishing is [still] the primary way attackers either commit a primary criminal act (i.e. phish a target to, say, install ransomware) or is the initial vehicle used to gain a foothold in an organization so they can perform other criminal operations to achieve some goal. As such, security teams, vendors and active members of the… Continue reading →

Use GitHub Vulnerability Alerts to Keep Users of Your R Packages Safe

Despite their now inherent evil status, GitHub has some tools other repository aggregators do not. One such tool is the free vulnerability alert service which will scan repositories for outdated+vulnerable dependencies. Now, “R” is nowhere near a first-class citizen in the internet writ large, including software development tooling (e.g. the Travis-CI and GitLab continuous integration… Continue reading →

GDPR Unintended Consequences Part 1 — Increasing WordPress Blog Exposure

I pen this mini-tome on “GDPR Enforcement Day”. The spirit of GDPR is great, but it’s just going to be another Potempkin Village in most organizations much like PCI or SOX. For now, the only thing GDPR has done is made GDPR consulting companies rich, increased the use of javascript on web sites so they… Continue reading →

RIPE 76 Selected Talks

RIPE 76 is going on this week and — as usual — there are scads of great talks. The selected ones below are just my (slightly) thinner slice at what may have broader appeal outside pure networking circles. Do not read anything more into the order than the end-number of the “Main URL” since this… Continue reading →

Does Congress Really Care About Your Privacy?

I apologize up-front for using bad words in this post. Said bad words include “Facebook”, “Mark Zuckerberg” and many referrals to entities within the U.S. Government. Given the topic, it cannot be helped. I’ve also left the R tag on this despite only showing some ggplot2 plots and Markdown tables. See the end of the… Continue reading →

2018 IEEE Security & Privacy (Filtered) Paper Dump

The 2018 IEEE Security & Privacy Conference is in May but they’ve posted their full proceedings and it’s better to grab them early than to wait for it to become part of a paid journal offering. There are alot of papers. Not all match my interests but (fortunately?) many did and I’ve filtered down a… Continue reading →

Pym.js Library Vulnerability in widgetframe Package

What’s Up? The NPR Visuals Team created and maintains a javascript library that makes it super easy to embed iframes on web pages and have said documents still be responsive. The widgetframe R htmlwidget uses pym.js to bring this (much needed) functionality into widgets and (eventually) shiny apps. NPR reported a critical vulnerability in this… Continue reading →

rud.is

"In God we trust. All others must bring data"

Post Category → Cybersecurity