Wednesday, August 31, 2022

Short Takes – 8-31-22

Security and Cheap Complexity. Schneier.com blog post. Mass produced insecurity = low cost. Pull quote: “Today, you just grab some standard microcontroller off the shelf and write a software application for it. And that microcontroller already comes with an IP stack, a microphone, a video port, Bluetooth, and a whole lot more. And since those features are there, engineers use them.” And then try to keep up with all the various vulnerabilities that are discovered.

Graph-based JavaScript bug scanner discovers more than 100 zero-day vulnerabilities in Node.js libraries. PortSwigger.net article. New JavaScript analysis tool. Pull quote: “They expanded their test by crawling 300,000 NPM packages and applying ODGen with graph queries to detect queries. ODGen reported nearly 3,000 security bugs, of which the researchers verified 264 that belonged to libraries with more than 1,000 weekly downloads.” How many of those 264 vulnerabilities found their way into critical systems?

Chemical leak at waste disposal plant kills one, injures four in US. HazardExonthenet.net article. Contains link to article from last week on incident. Definitely a CSB reportable incident. Hydrogen sulfide is nasty stuff.

Notice of closed Federal advisory committee meeting. Federal Register Notice. HSAC meeting will include cybersecurity discussion behind closed doors.

DOT PHMSA ALERT Rail Car Training. Notice at FindlayAllHazards.com. PHMSA funded training by The Center for Rural Development and the AHTC (All Hazards Training Center) for responses to incidents that involve rail shipments of crude oil, ethanol, and other flammable liquids.
