Read it (PDF) and be pleased that all-well-might-indeed-be-right-with-the-Universe, at least in user-land universal 2nd factor crypto that, is...

h/t

Meanwhile, in security project news, comes word of a new Alphabet, Inc. Google Security (NasdaqGS: GOOG) project, monikered appropriately - Project Wycheproof. Purportedly apellated for the smallest mountain in the world, it is now clear that security engineers at Google possess a sense of the absurd, whilst taking care of business, as it were...

Daniel Bleichenbacher and Thai Duong both Security Architects at Google Inc., have announced the Project, via the Google Security Blog. Source is on GitHub. Enjoy.

h/t

Apparently, DNSChanger has reared it's pernicious head again, infecting large numbers of unwary users and vectored through steganographic code malware inclusion within major news site banner ads... This time, per The Hacker News reporter Swati Khandelwal, comes the bad news of both the vector and the attack.

Well-wrought thought piece on the failure of Red Hat and Ubuntu to secure their respective distros utilizing standardization in the form of reproducible builds (and other means).

Damn kids apparently have forgotten their lessons whilst in kindergarten regarding safe and fair play. In this case, however, we have the added component of organizations, companies and individuals suffering due to the ineptitude of the big names in Linux... Astounding.

h/t

News, via Finnish site Metropolitan, of a DDoS attack on computer-managed HVAC systems in the town of Lappeenranta, Finland. In a country situated geographically as Finland, this attack should be construed as a life safety issue. H/T

News, of Microsoft Corporation (NasdaqGS: MSFT) selling of customer telemetry on Windows 10 has come to light via Martin Kauffman on GHacks. Martin superlatively details the phenomenal audacity of Microsoft in the matter of selling usage information; and, while not surprising, just another indicator of the onerous feet-of-clay syndrome now evident in Redmond. Oh, and by-the-way, the data being shared is with a security firm, simply astounding. As always, you be the judge.

AWS re:Invent 2016 - Security Automation, Spend Less Time Securing Your Applications →

Google's Keys to Security, Pragmatism At It's Finest →

IGF 2016, The 'Right to Be Forgotten' →

AWS re:Invent 2016 - GxP Compliance in the Cloud →

Cloud Computing, End of →

AWS re:Invent 2016 - Enterprise Patterns for Payment Card Industry Data Security Standard →

AWS re:Invent 2016 - Architecting for End-to-End Security in the Enterprise →

Wycheproof, The Project →

AWS re:Invent 2016 - Evolving an Enterprise-Level Compliance Framework with Amazon CloudWatch →

AWS re:Invent 2016 - Securing Serverless Architectures, and API Filtering at Layer 7 →

DNSChanger, Redux →

AWS re:Invent 2016 - You Can’t Protect What You Can’t See, Security & Compliance from Adobe →

AWS re:Invent 2016 - Hackproof Your Cloud, Responding to 2016 Threats →

Linux Security, The Litany of Failure →

AWS re:Invent 2016 - The Psychology of Security Automation →

AWS re:Invent 2016 - Encryption, It Was the Best of Controls, It Was the Worst of Controls →

AWS re:Invent 2016 - How AWS Automates Internal Compliance at Massive Scale with AWS Services →

Finnish HVAC Systems DDoS'd →

AWS re:Invent 2016 - Predictive Security, Using Big Data to Fortify Your Defenses →

Microsoft Begins Selling Windows 10 Telemetry →