Skip to content

WindowsTechs.com

Collaborate Disseminate

Search for:

Primary menu

Home

Author Archives: Nathan Aw

Software Supply Chain Security – blockchain and smart contract to build workflows to sign, verify and protect software artifacts for true provenance? [closed]

Posted on January 30, 2022 by Nathan Aw

I refer to https://github.com/nathanawmk/using-blockchain-to-establish-software-provenance-thereby-securing-open-source-software-supply-chain
Will the use of blockchain and smart contract to build workflows to sign, verify and protect soft… Continue reading Software Supply Chain Security – blockchain and smart contract to build workflows to sign, verify and protect software artifacts for true provenance? [closed]→

Posted in Software, Vulnerability

Software Supply Chain Security – blockchain and smart contract to build workflows to sign, verify and protect software artifacts for true provenance? [closed]

Posted on January 30, 2022 by Nathan Aw

I refer to https://github.com/nathanawmk/using-blockchain-to-establish-software-provenance-thereby-securing-open-source-software-supply-chain
Will the use of blockchain and smart contract to build workflows to sign, verify and protect soft… Continue reading Software Supply Chain Security – blockchain and smart contract to build workflows to sign, verify and protect software artifacts for true provenance? [closed]→

Posted in Software, Vulnerability

supply chain security – ways of detecting and deterring compromise at a lower level i.e., hardware class of vulnerabilities [duplicate]

Posted on January 30, 2022 by Nathan Aw

Software supply chain focuses on software. How about hardware supply chain security? I refer to Compromise Hardware Supply Chain ("https://attack.mitre.org/techniques/T1195/003/").
I wish to know how can one detect if one’s hardw… Continue reading supply chain security – ways of detecting and deterring compromise at a lower level i.e., hardware class of vulnerabilities [duplicate]→

Posted in Hardware

Applying AI/ML to secure Software Supply Chain Security? [closed]

Posted on January 25, 2022 by Nathan Aw

I refer to https://github.com/ossf/wg-supply-chain-integrity on open source software supply chain security, specifically on an attacker could insert malicious code into a popular open source library and carry out an attack.
Would the appli… Continue reading Applying AI/ML to secure Software Supply Chain Security? [closed]→

Posted in opensource

Is Time-based one-time password (TOTP) sufficiently secure as another factor of authentication?

Posted on January 23, 2022 by Nathan Aw

Given the increasing widespread adoption of Time-based one-time password (TOTP) in view of SMS OTP hacks, Is Time-based one-time password (TOTP) sufficiently secure as another factor of authentication, on top of username/password?
I refer … Continue reading Is Time-based one-time password (TOTP) sufficiently secure as another factor of authentication?→

Posted in TOTP

In view of the recent open source security incidents, does "Security through Obscurity" represent a new way forward? [closed]

Posted on January 20, 2022 by Nathan Aw

With the recent spate of open source software incidents (log4shell, npm hacks), I return to the timeless 1984 turing lecture by ken thompson on trusting trust – https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrusting… Continue reading In view of the recent open source security incidents, does "Security through Obscurity" represent a new way forward? [closed]→

Posted in obscurity

How did Alibaba Cloud Security Team engineer discover the log4j vulnerability? Reverse Engineering, Fuzzing, both or?

Posted on January 19, 2022 by Nathan Aw

How did the Alibaba Cloud Security Team engineer discover the Log4Shell (CVE-2021-44228) vulnerability? What was the detailed account of the discovery and/or the events leading up to the discovery?
More importantly, what are the techniques… Continue reading How did Alibaba Cloud Security Team engineer discover the log4j vulnerability? Reverse Engineering, Fuzzing, both or?→

Posted in Log4Shell

What security controls to guard against malicious Insider Threat Engineers?

Posted on January 19, 2022 by Nathan Aw

In most organisations, there will be watchers who will watch out for insider threats from the employees. e.g., Insider Threat Engineer.
But who will watch the watchers themselves in the event they turn rogue? What security controls exist t… Continue reading What security controls to guard against malicious Insider Threat Engineers?→

Posted in insider threats

Applying Cleanroom Engineering Techniques such as Formal Verification/Formal Specifications to root out 0-day vulnerabilities such as log4shell? [closed]

Posted on December 17, 2021 by Nathan Aw

I refer to Cleanroom Software Engineering Reference Model (https://kilthub.cmu.edu/articles/journal_contribution/Cleanroom_Software_Engineering_Reference/6572228) and Zero-Defect Software (https://trace.tennessee.edu/cgi/viewcontent.cgi?ar… Continue reading Applying Cleanroom Engineering Techniques such as Formal Verification/Formal Specifications to root out 0-day vulnerabilities such as log4shell? [closed]→

Posted in formal verification, Zero Day

Does Log4Shell ("CVE-2021-44228 ") affect K8S/Containers and function-as-a-service (FaaS)?

Posted on December 14, 2021 by Nathan Aw

Does Log4Shell ("CVE-2021-44228") affect K8S/Containers and/or function-as-a-service (FaaS) running image with affected log4j?
I would like to understand if this vulnerability affects ephemeral setups such as K8S/FaaS and how JND… Continue reading Does Log4Shell ("CVE-2021-44228 ") affect K8S/Containers and function-as-a-service (FaaS)?→

Posted in Container, Log4Shell

Post navigation

← Older posts

Newer posts →

Primary Sidebar Widget Area

Infocon Status

Recent Posts

FSF to OnlyOffice: You Can’t Use the GNU (A)GPL to Take Software Freedom Away April 18, 2026
US Government Now Wants Anthropic’s ‘Mythos’, Preparing for AI Cybersecurity Threats April 18, 2026
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers April 18, 2026
Tool Embodiment and the Dead Trackball April 18, 2026
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware April 18, 2026

Tag Cloud

Agriculture Alzheimer's Disease Art Audio Automation Bluetooth Building and Construction Campervan Camping Cancer Coronavirus (COVID-19) Cycling Dementia Diabetes DNA Electric Vehicles Food Home House Huawei Indiegogo MIT Mobility Moon New Atlas Audio NVIDIA Off-grid Off-road Pedal-assisted Photography Physics Radio Repair RV Samsung Satellite Sony SpaceX spoofing sustainable design The Immune System Tiny Footprint Training Water Zoom

Archives

Facebook
Twitter
Linkedin
Email

Copyright © 2026 WindowsTechs.com. All Rights Reserved.

Theme: Catch Box by Catch Themes

Scroll Up