Bluepurple Pulse: week ending October 3rd
Do Governments need a National Software Resilience Office?
Welcome to the substack highlights from the blueteamsec subreddit.
Operationally nothing is standout this week other than having too much fun surging against a commercial red team to develop understanding of their tradecraft and infrastructure.
In the high-level we saw the CyberPeace Institute and the Cybersecurity Tech Accord publish a manifesto outlining their focus on Prioritizing Human-Centric Equities within the Proposed UN Cybercrime Treaty. There are some admirable calls in it, but we will have to accept a balkanised Internet in part by the likes of China and Russia.
In the technical it was disclosed there is a bug (not security directly) in gpsd in Linux which on October 23rd 2021 (this month) will cause the time to jump back 1024 weeks. Understanding the implications and impact at a national level for all systems which derive their time via gpsd for the affected versions on Linux via GNSS (GPS) or a AIS receiver feels challenging today. Versions v3.20 - v3.22 are affected with v…
Keep reading with a 7-day free trial
Subscribe to Cyber Defence Analysis for Blue & Purple Teams to keep reading this post and get 7 days of free access to the full post archives.