CCleaner malware outbreak is much worse than it first appeared

“The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload. Previously, researchers found no evidence that any of the computers infected by the booby-trapped version of the widely used CCleaner utility had received a second-stage payload the backdoor was capable of delivering.”

Source: CCleaner malware outbreak is much worse than it first appeared


Yikes!


Source papers for people who actually want to read about it:

  1. http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
  2. http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html

[$] Antipatterns in IoT security

Lots of interesting talk about the fundamentals of a secure system and its application to computers.

Quote I liked (emphasis mine):

The most basic security antipattern is to “do nothing”. That means accepting any and all risk, though. Another is to “do it yourself”; that leads to thinking the system is secure because of custom elements, such as non-peer-reviewed cryptography algorithms or implementations and security through obscurity. “Hand-rolled” security systems have not fared well over the years—developers have learned that implementing stream ciphers, for example, should not be tackled in-house. But there is still a fair amount of security by obscurity, such as “super unguessable URLs”. If a product becomes successful, which is what you want, the unguessable will become all-too-guessable.

Source: [$] Antipatterns in IoT security