Now Tec Blog


    New tool aims to save open source from supply chain attacks

    By eduardo_alves38 | June 18, 2021 | Updated: June 18, 2021


    Russia's historically destructive NotPetya malware attack and its most recent SolarWinds cyberespionage campaign have something in common besides the Kremlin: they are both real examples of software supply chain attacks. It's a term for what happens when a hacker slips malicious code into legitimate software that can spread on a large scale. And as more supply chain attacks emerge, a new open source project is poised to take a stand, making crucial protection free and easy to implement.

    The founders of Sigstore hope their platform will drive the adoption of code signing, an important protection for software supply chains that popular and widely used open source software often overlooks. Open source developers don't always have the resources, time, expertise, or means to fully implement code signing on top of all the other non-negotiable components they need to build for their code to function.

    “Until about a year and a half ago, I felt like I was the madwoman standing around the corner with a sign saying, ‘The end is drawing near.’ No one understood the problem,” says Dan Lorenc, open source software researcher and supply chain engineer at Google. “But over the past year things have changed dramatically. Now everyone is talking about supply chain security, we have an Executive Decree about that, and everyone is starting to realize how critical open source is and how we really need to devote resources to securing the security of it for everyone.”

    Lorenc is far from the only researcher who has focused on the security challenges of open source or supply chain projects. But the general attention generated by recent high-profile hacks has sparked a whole new level of excitement for the work Lorenc and his associates already had underway.

    “It is about first identifying the fruits at hand.”

    Santiago Torres-Arias, Purdue University

    To understand the significance of Sigstore, you need to have an idea of what code signing does. Think of it like the battle orders of ancient times. The generals would recognize the handwriting of the royal scribe, the signature of the commander-in-chief, and the detailed wax seal on the envelope, while a carefully controlled web of pages conveyed the messages in a controlled chain of custody. This system worked because it was extremely difficult, but not entirely impossible, for an outside entity to infiltrate the process, replicate crucial elements, and bypass all of those integrity checks.

    It is the same for cryptographic code signing. You can't just create a Windows update and distribute it to your closest friends or foes. Only Microsoft can do this, unless something goes badly wrong. One of the reasons it's so difficult for anyone other than Microsoft to send updates to your Windows laptop is that the software has to have been “signed” by the right creator at the right time. It is the John Hancock and wax seal of the digital age.

    You can see why the stakes are so high, though, for both ancient battles and modern software. If someone could send malicious commands or updates, they could stage a coup or compromise billions of computers. The benefits of code signing are clear, but getting hobbyists, volunteers, and other open source contributors to integrate it requires a low barrier to entry.

    “These are huge problems that put infrastructure at risk around the world,” says Bob Callaway, chief architect of open source enterprise software company Red Hat. “It is certainly not a panacea that will solve everything, but it will make a big dent for people to actually use the best practices and cryptographic techniques that have been around for a long time and make the versions more secure.”

    Sigstore, which is affiliated with the Linux Foundation and currently run by Google, Red Hat, and Purdue University, combines two components. First, it coordinates the convoluted cryptography for its users; it even offers the option of literally managing everything for developers who cannot or do not want to take on the extra work themselves. Using established, pre-existing credentials like an email address or a third-party login system like Sign In with Google or Sign In with Facebook, you can quickly begin to cryptographically sign the code you produce as having been created by you at a certain moment. Second, Sigstore automatically produces a public, immutable, open source log of all activity. This ensures public accountability for every submission and a place to start investigating if something goes wrong.
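The two components described above, sketched as an added Go example that is not Sigstore's code or log format: a signature binding an identity, an artifact digest and a time, plus an append-only hash chain that makes later edits to the record detectable. The names `Entry`, `Log`, `Sign` and `Verify` are hypothetical, the sample values are constructed, and the link between the signer's key and the login identity is assumed to have been established already.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Entry says who signed which artifact digest, and when.
type Entry struct {
	Identity, Timestamp string
	Digest              [32]byte
	Sig                 []byte
}

type Log []Entry // append-only hash chain; a simplification, not Sigstore's format

func payload(e Entry) []byte { return []byte(fmt.Sprintf("%s|%x|%s", e.Identity, e.Digest, e.Timestamp)) }

// Sign binds identity, artifact digest and time under the signer's key.
func Sign(priv ed25519.PrivateKey, id, ts string, artifact []byte) Entry {
	e := Entry{Identity: id, Timestamp: ts, Digest: sha256.Sum256(artifact)}
	e.Sig = ed25519.Sign(priv, payload(e))
	return e
}

// Head replays the chain: each link hashes the previous head plus one entry.
func (l Log) Head() (h [32]byte) {
	for _, e := range l {
		h = sha256.Sum256(append(append(h[:], payload(e)...), e.Sig...))
	}
	return h
}

// Verify: a validly signed entry for id and artifact exists, and the log still matches a saved head.
func (l Log) Verify(head [32]byte, pub ed25519.PublicKey, id string, art []byte) bool {
	for _, e := range l {
		if e.Identity == id && e.Digest == sha256.Sum256(art) && ed25519.Verify(pub, payload(e), e.Sig) {
			return l.Head() == head
		}
	}
	return false
}

func main() { // constructed sample identity, timestamp and artifact
	pub, priv, _ := ed25519.GenerateKey(nil)
	l := Log{Sign(priv, "dev@example.test", "2021-06-18T00:00:00Z", []byte("v1.0"))}
	fmt.Println(l.Verify(l.Head(), pub, "dev@example.test", []byte("v1.0")))
}
```

A verifier that saved the head earlier rejects an artifact that was never logged, an entry signed by a different key, and any log whose history was rewritten after the fact.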


