Week of August 2

Welcome to my weekly letter, where I share a few noteworthy articles and my own commentary. Without further ado…

Weekly Read

  • A New Tool Wants to Save Open Source From Supply Chain Attacks (Wired) – the tool here is code signing (via cryptography) to ensure apps run in the supply chain are ‘trusted’.  It’s the same concept as email signature verification or how FIDO/PIV/PKI establish your digital identity.  Soon, everything will have to be digitally signed…
  • Facial Verification Won’t Fight Fraud (Wired) – No it won’t. Actually, using it to establish identity will cause more problems than it solves, since that’s probably the weakest form of biometrics. The article got to a very good point, and it connects with the last article above: the real issue is the lack of a secure digital ID system.
  • Apple Says It’s Time to Digitize Your ID, Ready or Not (Wired) – the ability to store and present digital ID on phones definitely has its appeal (for consumers), and I believe the ability to present cards/IDs on a lock screen is a feature Android phones have already had for at least 2~3 years (via Google/Android Wallet, or Google Pay or Android Pay…? I lost track of what they call that app nowadays, thanks to Google’s various rebranding efforts). Yet there will always be occasions where a separate ID card works better. Perhaps it is time to think about adapting a biometric access key as digital/physical ID (disclaimer: I recently started working at the company).
  • As Ransomware Demands Boom, Insurance Companies Keep Paying Out (Wired) – It’s tough. The insurance carrier is in a position to stop the vicious cycle (by stopping coverage of ransomware attacks), forcing clients to take more actions to forge stronger protection against the attacks. Yet there is probably a good chance that no matter how hard the clients try to protect their infrastructure, the hackers will still get through… Such a catch-22.
  • Russian Hackers Are Trying to Brute-Force Hundreds of Networks (Wired) – Of course it was done by a state-sponsored agency named GRU!  A good reminder article – set up tough passwords AND use a tough MFA!
  • Windows 11’s Security Push Puts Microsoft on a Collision Course (Wired) – Looking at the history of Windows OS, I remember how Windows 3.0, 95, 98, XP, Vista, … each version pushed the hardware requirements, typically by CPU specs, RAM, and sometimes storage resources.  We now see Windows 11 requiring a specific security chip (TPM).  It is indeed the era of digital security!

That’s it for this week! Have a nice weekend!

Stay Tuned…

It’s super easy to follow my updates:

  1. If you use any feed readers (e.g. Feedly): Subscribe to my site’s RSS feed
  2. If you are a Medium user, follow me or my publication. Optionally you can adjust your email preference to get my updates via emails