“Operating Identity: Pioneering Trends in Tech – A Focus on Identity, Security, DevOps, and More”


Welcome to the latest issue of Operating Identity, where we journey through the dynamic realms of technology and digital security. We've handpicked insightful articles to offer you a panoramic view of the current technological landscape and its future trajectory. From deep dives into the world of secure communication protocols to innovative approaches in handling technical debt, our curated content is geared towards igniting your strategic thinking and enhancing your expertise. As we explore these pivotal topics, our goal is to equip you with cutting-edge knowledge and perspectives that empower you to excel in an increasingly digital-centric world. Join us in embracing the challenges and opportunities that lie ahead in the ever-evolving sphere of technology.


Identity:

  1. Advancing iMessage security: iMessage Contact Key Verification - Time to Read: 9 minutes - Apple’s iMessage was the first widely available messaging service to provide secure end-to-end encryption by default, starting from when it launched in 2011.
  2. WebAuthn - A Short Introduction - Time to Read: 11 minutes - WebAuthn (Web Authentication) is an API specification by W3C that facilitates a secure way for users to log in to online services and websites using various authentication methods, such as biometrics (e.g., fingerprint or facial recognition) and hardware-based authenticators.
  3. DIDKit and Verifiable Credentials - Time to Read: 3 minutes - Recently I made a post on Veramo and Verified Credentials where I discussed a little bit about Veramo and my findings in trying to use it. This post is about DIDKit from SpruceID. DIDKit is another set of packages for creating DIDs, verifiable credentials, verifiable presentations, etc.

Security:

  1. New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security - Time to Read: 5 minutes - Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel.
  2. Malware exploits undocumented Google OAuth endpoint to regenerate Google cookies - Time to Read: 6 minutes - CloudSEK researchers analyzed a zero-day exploit that can allow the generation of persistent Google cookies through token manipulation. In October 2023, a developer known as PRISMA first uncovered an exploit that allows the generation of persistent Google cookies through token manipulation.


DevOps:

  1. How to be on-call - Time to Read: 11 minutes - A few years ago at Arctic Wolf I put together a talk titled “How to be on-call”, in response to the rapid growth of the organization and increasing number of on-call schedules. The talk turned out to be very popular and the recording became part of the onboarding process for new employees.
  2. Temporary elevated access management with IAM Identity Center - Time to Read: 16 minutes - AWS recommends using automation where possible to keep people away from systems—yet not every action can be automated in practice, and some operations might require access by human users. Depending on their scope and potential impact, some human operations might require special treatment.


Compliance:

  1. Choosing a security model - Time to Read: 3 minutes - You can choose from various security models or approaches for AWS. The choice of approach and the best-fitting model depends on your audience, the target business outcomes, and the overall business process. It is possible to use a blend of multiple models.


Tools/Projects:

  1. My Approach to Building Large Technical Projects - Time to Read: 9 minutes - Whether it's building a new project from scratch, implementing a big feature, or beginning a large refactor, it can be difficult to stay motivated and complete large technical projects. A method that works really well for me is to continuously see real results and to order my work based on that.
  2. A Framework for Prioritizing Tech Debt - Time to Read: 5 minutes - Having spent over a decade building tech startups, I've come across my fair share of tech debt: The gnarly Ember.js code no one wants to touch, the bespoke cloud infrastructure maintained entirely by hand, or the solitary Elixir service left behind by a long-gone former teammate.


About UberEther

UberEther is a full-stack technology integrator that builds innovative solutions for our clients and turns their security and access control needs into a value-added enabler that transforms the organization in previously impossible ways.

More than anything, though, we want to be a partner in your success. We want to work with you to meet your larger security goals, turning what many see as an obstacle into an asset.


In Conclusion

As we conclude this edition of UberEther's Newsletter, we hope the insights and discussions presented have been enlightening and inspiring. The realms of Identity, Security, DevOps, Compliance, and Tools/Projects are not just foundational to the tech industry; they are the driving forces shaping its future. We encourage you to explore these topics further and engage with the content to enhance your professional knowledge and skills. Stay tuned for our next issue, where we will continue to bring you the latest trends, innovations, and thought leadership from the world of technology. Thank you for joining us on this journey of discovery and growth.
