The hottest Security Substack posts right now

And their main takeaways
lcamtuf’s thing 42 HN points 01 Mar 24
  1. Memory safety in programming languages like C and C++ is a significant issue due to the risk of buffer overflows and other coding errors.
  2. Although there is a push to adopt memory-safe languages, including a mandate from The White House, the practicality and necessity of such a move are questionable.
  3. Challenges in enforcing a complete shift to memory-safe languages include the limited exposure of critical code to attacks and the fact that other classes of vulnerability cause breaches more often.
Gideon's Substack 52 implied HN points 13 Nov 23
  1. Israel's war in Gaza aims to destroy Hamas as a military organization and establish control.
  2. The objective is not just deterrence but complete destruction of Hamas.
  3. Concerns arise about achieving political objectives and potential radical solutions amidst ongoing conflict.
ppdispatch 8 implied HN points 20 May 25
  1. Stack Overflow is trying to rebrand because its traffic is dropping a lot. This change is happening as more developers start using AI tools for help instead of asking questions on forums.
  2. A dating app called Cerca has serious security issues that exposed personal data of thousands of users. This issue shows that new companies often risk safety for faster growth.
  3. The Mario Kart 64 game has now been fully decompiled, making it easier to preserve and possibly port the game to other platforms. This is a big win for gaming history and the open-source community.
Boring AppSec 76 implied HN points 08 Mar 23
  1. DAST tools were valuable in the past for their ability to discover OWASP Top 10 defects.
  2. Now, the way software is built has changed, making DAST less effective in CI/CD pipelines.
  3. There are still some ways to integrate DAST tools effectively, like repurposing them for low-hanging fruit and using them alongside pentesters.
Letters from an American 16 implied HN points 09 Dec 24
  1. Bashar al-Assad's regime in Syria has fallen after over a decade of civil war, leading to excitement and celebrations in the streets. This change opens up hope for a new future for Syria's people.
  2. The U.S. is taking actions to prevent ISIS from becoming stronger in Syria now that Assad is gone. They hit many ISIS targets to ensure that group doesn't regain power.
  3. The loss of Assad shows that no dictator is safe forever. It gives people hope that change is possible, both in Syria and in other places with similar regimes.
Trying to Understand the World 5 implied HN points 16 Jul 25
  1. Understanding intelligence can be tricky. Many people want quick answers, but the reality is often complicated and requires deeper research.
  2. Media often oversimplifies intelligence, turning it into dramatic narratives. This can make people believe in stereotypes instead of the real workings of intelligence agencies.
  3. Intelligence collection is not just about spying; it involves understanding various interests between countries. Even allies spy on each other to protect their own interests.
The Good blog 39 implied HN points 30 Jan 24
  1. AI governance can be viewed through different frames like product safety, innovation policy, and national security risk.
  2. Different approaches to AI governance include preventing competitive dynamics, addressing great power conflict, and improving consumer welfare.
  3. AI governance also encompasses considerations related to military technology, economic growth benefits, and political economy.
Decoding Coding 19 implied HN points 26 Jan 23
  1. Zero-knowledge proofs let someone prove they know something without giving away the actual information. It's like showing you can perform a magic trick without revealing how it’s done.
  2. These proofs have been around since the 1980s and have evolved into important applications in areas like finance and identity verification, especially in Web3 technologies.
  3. ZKPs have key properties like completeness and soundness, but they also come with challenges like being complex to implement and vulnerable to quantum computing attacks.
The API Changelog 4 implied HN points 04 Aug 25
  1. Meta has improved its Threads API with new features like interactive polls and better analytics tools for developers.
  2. Wallarm raised $50 million to enhance its API security platform, focusing on protecting against AI-related threats.
  3. Anthropic stopped OpenAI from using its Claude models due to what it claims was misuse, highlighting tension in the AI industry.
bumbread 19 implied HN points 28 Aug 22
  1. Buffer overruns can lead to memory corruption by writing data outside allocated buffers.
  2. Security cookies are implemented to detect buffer overruns by placing a special value on the stack near the return address, which is checked for changes.
  3. Compilers control whether and where security checks are emitted, and understanding how security cookies work is valuable when analyzing assembly code and optimizing performance.
Olshansky's Newsletter 45 implied HN points 29 Sep 23
  1. Pocket Network is implementing the Shannon Upgrade as a micro-rollup using Rollkit and Celestia.
  2. Pocket Network provides developers with reliable, performant, and cost-effective RPC access to the open internet.
  3. The decision to pivot to Rollkit allows Pocket to focus on core utility, delegate security to Data Availability layers, and scale the number of relays the network can handle.
The Security Industry 35 implied HN points 04 Jan 24
  1. The fifth edition of the Security Yearbook will be published in 2024.
  2. Wiley will be publishing the Security Yearbook 2024 for better distribution.
  3. All editions of Security Yearbook will stop being sold in April this year.
Vasu’s Newsletter 13 implied HN points 25 Oct 24
  1. A Virtual Private Cloud (VPC) helps businesses create a separate and secure online environment to manage their resources. This means they can control who has access to what information.
  2. With a VPC, administrators can set rules to protect incoming and outgoing internet traffic. It's like having a security system for their online resources.
  3. VPCs come with useful features like VPN connections and load balancers, which help improve communication and manage traffic effectively. This can make online services run more smoothly.
Secure GenAI 1 HN point 10 Jun 24
  1. Cloud Security is crucial: Recent breaches like Ticketmaster and Snowflake highlight the importance of securing cloud-based systems with robust security measures like multi-factor authentication.
  2. Malware Threats are evolving: Sophisticated malware like the Anatsa banking Trojan emphasizes the continuous evolution of cyber threats, requiring proactive security measures to counter them.
  3. Data Breaches impact all organizations: The breaches affecting diverse entities such as Ticketmaster, BBC, and US government emphasize that cyberattacks pose a risk to organizations of all sizes and sectors.
The Tech Enabler 3 HN points 27 Feb 24
  1. Prefer statically typed languages over dynamically typed ones as they offer better reliability and help catch errors earlier.
  2. Utilize automatic code formatting tools for consistent code style and to save time on debating formatting during code reviews.
  3. Consider using queues as data sources in event-driven systems for better scalability and leverage infrastructure-as-code tools like Terraform for repeatable and manageable infrastructure.
HackerPulse Dispatch 8 implied HN points 04 Feb 25
  1. Junior developers risk burnout by trying to keep up with many new tools instead of mastering the basics. It's better to understand a few things deeply than to know a little about everything.
  2. The push for full-stack developers often spreads skill sets too thin. Companies might want to save money, but true expertise comes from focusing on specific areas.
  3. JavaScript's new Temporal object is designed to fix the old Date issues. It will help developers manage dates and times more accurately and easily.
On Engineering 44 implied HN points 12 Apr 23
  1. The security of open source software is under threat due to a lack of reliable maintainers, leading to compromised secure software supply chains.
  2. Supply-chain attacks, like the SolarWinds attack, can have massive impacts on government agencies and organizations by compromising dependencies in software.
  3. Incentivizing open source maintainers with money may not always be the best solution; allocating real engineering time and resources to contribute and support open source projects can help maintain software reliability and security.
The Cosmopolitan Globalist 7 implied HN points 21 Feb 25
  1. The U.S. has built a strong global order through NATO and free trade after World War II, which led to peace and prosperity. This system is now in jeopardy due to current policies that threaten these alliances.
  2. The recent political shifts in the U.S. are causing worries among European nations about their security, as there is a sense that they can no longer rely on American support. This fear has led Europe to rethink its defense strategies.
  3. A shift away from established democratic values and alliances can lead to chaos and potential conflicts, as abandoning cooperation only benefits adversaries like Russia and China.
Basta’s Notes 40 implied HN points 04 May 23
  1. Always validate the types of values your API accepts to prevent potential security vulnerabilities.
  2. Be cautious with regular expressions to avoid performance issues like ReDoS (Regular Expression Denial of Service).
  3. Check and handle subdomains and domain name validation to prevent unexpected bugs or failures in your application.
Women On Rails Newsletter - International Version 19 implied HN points 29 Mar 22
  1. The newsletter covers topics like Machine Learning, design skills, and historical insights on being a woman developer in the 60s.
  2. Interesting updates on Ruby and Rails, with resources for upgrading to Ruby 3.0, finding Ruby career paths, and insights on Static Site Generators.
  3. Tips include a tool to generate empty commits on GitHub for managing multiple accounts, a tutorial on building an ML web app, and an article by a security engineer on exploring vulnerabilities in Zoom.
Boring AppSec 7 implied HN points 27 Jan 25
  1. ADR focuses on real-time data in production, which helps reduce false positives, while shift-left aims to find issues early in the development process to fix them easily.
  2. You need a balance of both ADR and shift-left strategies. ADR manages existing problems (stock), and shift-left deals with changes being made (flow).
  3. When choosing tools, flow tools should be light and supportive for developers, while stock tools track and analyze existing issues. They both require different management approaches.
DeFi Education 2 HN points 13 Mar 24
  1. Many people lose their crypto profits because they don't sell at the right time. It's important to have a plan to take profits when you can.
  2. Understanding the risks of different products is crucial. Many losses come from not knowing how things like hacks or hidden risks can affect your investments.
  3. Security is key to keeping your crypto safe. This means having good practices in place, like using hardware wallets and being aware of scams and phishing attempts.
QTR’s Fringe Finance 19 implied HN points 14 Mar 24
  1. American intervention in Haiti has not improved the country, leading to a cycle of political instabilities and social issues.
  2. US involvement in Latin American countries often contributes to making them more dangerous, impacting the local population negatively.
  3. The situation in Haiti, particularly with figures like Jimmy Cherizier, is complex and requires careful examination beyond surface-level portrayals.
Gray Mirror 33 implied HN points 10 Jun 23
  1. An attested network is like a governed network where every app is like its own government.
  2. Network attestation enhances security by allowing nodes to verify the software running on other nodes.
  3. In an attested network, applications can enforce security measures like expiring messages to prevent unauthorized access.
Simple Truth Systems 2 HN points 06 Mar 24
  1. Vsts-npm-auth is not safe or reliable, with no shared source code and unknown contributors.
  2. There are suspicions about the authenticity of vsts-npm-auth contributors, possibly Microsoft engineers, but lacking transparency.
  3. The recommendation to use vsts-npm-auth, even in Microsoft documentation, raises questions about its credibility and safety.
The API Changelog 3 implied HN points 09 Jun 25
  1. Postman has introduced a new AI feature called Agent Mode that makes API tasks much faster and easier. This means developers can spend less time on manual work and more time building.
  2. OatFi has raised $24 million to improve B2B payment solutions with their APIs. Their goal is to help businesses manage cash flow effectively through better financing options.
  3. Security updates are becoming a big focus in the API world, with companies like Salt Security launching tools to help organizations protect their APIs quickly. This is important to keep sensitive data safe and comply with regulations.
steigan.no 8 implied HN points 22 Nov 24
  1. Equinor is laying off 20% of its renewable energy workers due to tough market conditions and is pulling out of several countries. This means around 250 jobs will be cut.
  2. The International Criminal Court has issued arrest warrants for Israeli leaders Netanyahu and Gallant for war crimes in Gaza. If they travel to any member countries, they could be arrested.
  3. The U.S. plans to supply Ukraine with banned antipersonnel mines, breaking its own rules. This raises concerns about civilian safety and the implications of using these weapons in the conflict.
A Bit Gamey 27 implied HN points 30 Jul 23
  1. Blockchain is a secure and tamper-proof way of storing information through a distributed database.
  2. Blockchain has diverse uses beyond cryptocurrencies, including financial transactions, supply chain management, healthcare, voting, and intellectual property.
  3. The future of blockchain involves potential applications like smart contracts, decentralized applications, IoT security, and government transparency, indicating it's more than just a passing trend.
Reboot 21 implied HN points 18 Nov 23
  1. In the age of the internet, it's challenging to disappear in America due to the digital footprint left by basic needs like addresses, bank cards, and online accounts.
  2. There is a small community of tech-savvy individuals focused on extreme privacy, using specialized tools like privacy-focused operating systems, encrypted communication, and anonymous browsing.
  3. Extreme privacy can be isolating and exhausting, leading to a constant balance between the desire for privacy and the inherent risks and limitations of disappearing from the public eye.
The Cosmopolitan Globalist 18 implied HN points 24 Jan 24
  1. American deterrence has eroded, leading to catastrophic implications like a potential surprise nuclear attack from North Korea.
  2. The media's limited focus on foreign events, particularly in regions like Ukraine, can lead to critical foreign policy mistakes and erode global security.
  3. Maintaining strong deterrence and supporting allies like Ukraine is important to prevent further escalation and a potential world war.
Dataplane.org Newsletter 19 implied HN points 03 Jan 22
  1. Dataplane.org has been actively involved in RPKI RP measurement work since May 2021, tracking synchronization data and software usage diversity in RPKI relying parties.
  2. A significant and unexplained drop in SSH activity globally was observed in early October 2021, particularly affecting users of 'libssh', possibly due to a new SSH worm infection.
  3. Dataplane.org introduced a new signal data feed named sshidpw, providing daily reports of SSH id/password pairs seen in authentication attempts, which is useful for system admins and researchers.
Dr. Pippa's Pen & Podcast 26 implied HN points 27 Jun 23
  1. There are theories suggesting that recent events in Russia, including a coup attempt, may have been orchestrated in a theatrical manner involving Putin, a former chef, and a private army.
  2. The risk of Russia breaking up into smaller parts is being discussed, with concerns about potential nuclear weapons falling into the wrong hands.
  3. The CIA's promotion of amnesty for Russians and the actions of key figures like the former chef may have significant implications for international relations and security.
Gradient Flow 39 implied HN points 31 Dec 20
  1. The post highlights key AI and data trends for 2021, with a focus on managing data-focused teams and upcoming trends to watch out for.
  2. A selection of recommended books from 2020 covers a wide range of topics, from data analytics and machine learning to history, biography, security, and big tech.
  3. The author provides a glimpse into personal experiences in 2019, like visiting the longest zipline in the world, and sends well wishes for 2021.