Weekly Digest – Week 31, 2021

Articles and News

The Logic Behind Three Random Words

This blog post gives some background information on the three random words password creation advice.

https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

#password-strength #password

Kubernetes Hardening Guidance

Kubernetes hardening guide by the NSA and CISA.

https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF

#kubernetes #kubernetes-security #cisa #nsa #container-security

The Apple PSI System

Paper about the cryptography and security analysis behind the Apple PSI system.

https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf

#csam-detection #apple #apple-psi

Linux Kernel Security Done Right

Suggests for improving Linux Kernel security, e.g. by converting redundant downstream kernel bug-fixing by vendors into greater upstream collaboration.

https://security.googleblog.com/2021/08/linux-kernel-security-done-right.html

#linux-kernel #linux-security

HTTP/2: The Sequel is Always Worse

This blog post investigates HTTP/2 implementation issues and some of the resulting security implications.

https://portswigger.net/research/http2

#http/2 #http #web-security

The Open-Source Movement Comes to Medical Datasets

https://hai.stanford.edu/news/open-source-movement-comes-medical-datasets

#open-source #health-data #medical-dataset

Project and Releases

OpenShift 4.8

OpenShift 4.8 brings, among other improvements, an additional OCI-compliant runtime based on Kata Containers, NVIDIA multi-instance GPU, OpenShift Pipelines, IPv6 support, and serverless functions as a technology preview.

https://cloud.redhat.com/blog/red-hat-openshift-4.8-is-now-generally-available

#kuberentes #openshift #red-hat #type:release