Tag Archives for " open source "

Widely used open source software contained bitcoin-stealing backdoor

A hacker or hackers sneaked a backdoor into a widely used open source code library with the aim of surreptitiously stealing funds stored in bitcoin wallets. The malicious code was inserted in two stages into event-stream, a code library with 2 million downloads that’s used by Fortune 500 companies and small startups alike.

In stage one, version 3.3.6, published on September 8, included a benign module known as flatmap-stream. Stage two was implemented on October 5 when flatmap-stream was updated to include malicious code that attempted to steal bitcoin wallets and transfer their balances to a server located in Kuala Lumpur. The backdoor came to light last Tuesday with this report from GitHub user Ayrton Sparling.

Full article: Widely used open source software contained bitcoin-stealing backdoor | Ars Technica

French cyber-security agency open-sources CLIP OS, a security hardened OS

The National Cybersecurity Agency of France, also known as ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), has open-sourced CLIP OS, an in-house operating system its engineers had developed to address the needs of the French government administration.

In a press release, ANSSI described CLIP OS as a “Linux-based operating system [that] incorporates a set of security mechanisms that give it a very high level of resistance to malicious code and allow it to protect sensitive information.”

Source: French cyber-security agency open-sources CLIP OS, a security hardened OS | ZDNet

Open-source GDPR framework seeks to tackle DSARs

Customer data platform mParticle has been working with engagement platform Braze, and analytics platforms Amplitude and AppsFlyer to create the framework, laying out three goals for the project:

  1. offer a JavaScript Object Notation specification — a format for structuring data — to allow controllers and processors to manage data subject access requests in an efficient manner;
  2. provide cryptographic verification of request receipts in order to demonstrate accountability to regulators; and
  3. create a callback mechanism to give controllers the ability to track the statuses of the requests.

Source: Open-source GDPR framework seeks to tackle DSARs

Understand the dangers of OSS? Equifax means you have to.

The Equifax breach has dominated headlines since it was announced earlier this month — and for good reason. The personal data of well over half the U.S. population, when adjusted for children and others who do not have need for credit reports, was affected.

Source: Understand the dangers of OSS? Equifax means you have to

Oversight of use of open source code crucial as GDPR approaches

Organisations should take steps to improve their oversight of the use of open source code in software deployed within their business before new EU data protection laws begin to apply, an industry expert has said.

Source: Oversight of use of open source code crucial as GDPR approaches, says industry expert