Snipe-IT; Dark Knowledge; The Data Horde
We had a lovely 36-hour getaway helping support The Maine Island Trail Association (MITA), so today's newsletter is both late and brief! Not much exposition, as all three resources are fairly self-explanatory. Back to the normal blatherings Friday!
I'm a big fanboi of "Software Bill of Materials" (SBOM). Folks usually describe SBOM as nutritional labels for software, but I like to think of SBOM as a formalized standard for software/device components and dependencies declaration. Either way, SBOMs make it possible for, say, an organization to know that they have log4j when the feces hit the propellers [Direct PDF].
Knowing you have something is not the same thing as knowing where that something is within your org. So while a tool such as Dependency Track can help with SBOM-based vulnerability detection and auditing (and much, much more), you're S.O.L. if you don't know which assets have what installed.
Enter: Snipe-IT, an open-source asset and license management system.
If you're not in data science, IT administration, cybersecurity, legal, or finance, this is a boring topic, and you should go to the next section immediately.
The rest of you should check out the Snipe-IT overview and full demo, and consider tossing out whatever vendor you have now, since you're likely not really using your asset management system properly anyway.
NOTE that this resource is for tiny to giant orgs and support cool things like QR & bar codes. It's actively developed, and the community is outstanding.
Billed as a "Devilishly Dark Curation Of Anti-Detect Research Papers", Dark Knowledge is a library of research papers and presentations for counter-detection and web privacy enthusiasts. At present, there are 119 resources going back to 2008, all in the GH repo — so you don't have to hunt for PDFs all over the internets.
If you're at all interested in digital privacy and what the bad folks are doing to thwart attempts at preserving privacy, tick the "watch" button on this repo and consider contributing new resources you find.
Here are the papers it has from 2021-present (no links, as I'd really like you to look at the whole list at the repo. This is a great resource!).
DRAWNAPART - A Device Identification Technique based on Remote GPU Fingerprinting
Fingerprinting in Style - Detecting Browser Extensions via Injected Style Sheets
JA3cury - A New Approach to TLS Fingerprinting by Merging Fingerprinting Methods
JARM Randomizer - Evading JARM Fingerprinting
Kubernetes Hardening Guidance
ML-CB - Machine Learning Canvas Block
On Reliability of JA3 Hashes for Fingerprinting Mobile Applications
OS Fingerprinting and Tethering Detection in Mobile Networks
Tales of FAVICONS and Caches - Persistent Tracking in Modern Browsers
The CNAME of the Game - Large-scale Analysis of DNS-based Tracking Evasion
The Data Horde
I was just going to mention the Flash Player Emergency Kit (in light one of the topics in a previous edition), but, since it's a light exposition day, I figured I should give you something more solid to chew on.
The Data Horde is a great group with a great blog "dedicated to the Archiving and Preservation of Knowledge, particularly on the Internet." They report news on web content at risk of disappearing, efforts to archive them and even document and sponsor community revivals of lost or soon-to-be lost resources. They also also offer guides and resources for anyone who’d like to get into archiving.
Resources die and links rot all the time on the internet. Digital archiving (think micro- and macro-efforts akin to The Wayback Machine) is a vitally important discipline, and something I watch pretty closely. The Data Horde does digital archiving quite well and their blogs are not spammy and usually great reading.
Oh, and if you do need to resurrect or preserve some Flash-based data visualizations, def check out their emergency kit.
Back to full content Friday! ☮