• A while back, Google released Santa, a solution for binary white-/blacklisting on macOS. However, they didn’t release the server-side component (nor really document it very well), so Santa was more of a component than a full system. Now, there’s Moroz, an open-source server-side tool for Santa. Together, the two are finally a solid solution for binary white-/blacklisting on macOS.
• A couple of great studies on 0days: Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits by Lillian Ablon and Timothy Bogart, and Taking Stock: Estimating Vulnerability Rediscovery by Trey Herr and Bruce Schneier.
• Josh Levy is Building a Digital Security Exchange to “[help] the U.S. digital security community be more responsive to the needs of civil society groups and high-risk communities”. There’s an impressive list of folks signed on, and there are several ways they’re looking for help if you want to get involved.

What’s this?

This is a weekly roundup of interesting infosec-related links, inspired by Geek Feminism’s linkspam tradition.

If you’d like to suggest a link for a future roundup, post it to Pinboard tagged with securitylinkspam and I’ll find it there.