Want a quick way to look over the content of note for the past week? Click through to the PeakZebra summary list 

Topline Notes

So Gartner writes a piece called “7 Top Trends in Cybersecurity for 2022.” 

Attivo likes it because it includes “identity system defense” as one of its trends. One suspects it may include “identity system defense” because Gartner knew Attivo would like it, but that’s a conversation for someone else’s newsletter. 

Attivo licensed it and put a copy on their website. An identical copy, as far as the text of the article goes. 

This is the classic situation that SEOs will warn you about: duplicate copy. In a duplicate page situation, Google decides which page it thinks is the “one page to rule them all” and the others more or less disappear from Google search result listings. 

You can give Google a nudge toward the correct primary page by using a canonical link tag in your page’s head, like this one: 

<link rel="canonical" href="https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022" />

This tells Google that Gartner’s version of the page is the one to rank. 

A quick look at the underlying HTML of Attivo’s copy of the page, however, shows that they’ve included a canonical tag pointing at the Attivo version as the one to rank. 
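To make that check concrete, here is an added example (not code from the newsletter, Gartner or Attivo): a small Python helper that pulls the canonical tag out of a page’s HTML and classifies a licensed copy as pointing to the original, pointing to itself, or carrying no canonical tag at all. The Gartner URL is the one quoted above; the licensee URL and the three sample documents are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class _CanonicalParser(HTMLParser):
    """Collect the href of every <link rel="canonical"> in a document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)  # html.parser already lowercases attribute names
        rel_tokens = (a.get("rel") or "").lower().split()
        if "canonical" in rel_tokens and a.get("href"):
            self.hrefs.append(a["href"])


def canonical_url(html, page_url):
    """Return the absolute canonical URL declared in html, or None if absent.
    Relative hrefs are resolved against page_url, as crawlers do."""
    parser = _CanonicalParser()
    parser.feed(html)
    if not parser.hrefs:
        return None
    # More than one canonical tag is ambiguous; take the first, as crawlers generally do.
    return urljoin(page_url, parser.hrefs[0])


def check_licensed_copy(copy_html, copy_url, original_url):
    """Classify how a licensed copy's canonical tag relates to the original article."""
    canon = canonical_url(copy_html, copy_url)
    if canon is None:
        return "missing"
    if canon == original_url:
        return "points-to-original"
    if canon == copy_url:
        return "self-referencing"
    return "points-elsewhere"


# Constructed sample inputs (not real page source); the licensee URL is hypothetical.
ORIGINAL_URL = "https://www.gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022"
COPY_URL = "https://example.com/licensed/7-top-trends"
CORRECT_COPY = f'<html><head><link rel="canonical" href="{ORIGINAL_URL}" /></head><body></body></html>'
SELF_CANON_COPY = '<html><head><link rel="Canonical" href="/licensed/7-top-trends"></head></html>'
NO_CANON_COPY = '<html><head><title>7 Top Trends</title></head><body></body></html>'

if __name__ == "__main__":
    for name, doc in [("correct", CORRECT_COPY), ("self", SELF_CANON_COPY), ("none", NO_CANON_COPY)]:
        print(name, check_licensed_copy(doc, COPY_URL, ORIGINAL_URL))
```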

In a situation like this, you’d expect Google to choose Gartner, which is a more authoritative site with a larger audience. And Attivo should disappear, which might explain why Gartner apparently doesn’t worry about companies that license their articles not getting the canonical tags right.

If you search for “7 Top Trends in Cybersecurity”, you find Gartner in the number one spot, just as you’d expect. 

Here’s the interesting thing: Attivo is listed for the same article, further down the page. 

My takeaway? It’s good practice to get the canonical tag thing right. Especially if you’re publishing content on a site with a bigger audience as well as your own, and you want your page to rank. But it’s not as cut and dried as some SEO gurus would have you believe. It’s quite possibly no big deal if you get it wrong. 

Readworthy

Of general interest:

Malwarebytes Labs
It’s legal to scrape public data—US appeals court
The decision has now been made, and it’s not good news for LinkedIn. Scraping public data is not considered to be a violation of the Computer Fraud and Abuse Act. LinkedIn (and, by extension, Microsoft) is not impressed with people or organisations scraping publicly available data from its site.

Imperva Cyber Security Blog
4 Bad Bots Likely to Cause Problems for the Remainder of 2022
Imperva’s Threat Research Labs has monitored a 372 percent increase in bad bot traffic on healthcare websites globally since September 2020. Imperva researchers have uncovered bad bot attacks on everything from scheduling websites to e-commerce sites offering high-demand items, even government websites that influence election to political offices.


Technical – of interest:

DarkOwl, LLC » Feed
Version Control Systems and Software Supply Chain Risk
Despite general widespread sentiments against Putin’s invasion of Ukraine, the open source software development community has marked RIAEvangelist’s NPM package as malicious, because this individual chose to deploy malware in the digital supply chain ecosystem. In many cases, this chatter was centered around plans that involved targeting popular open-source software developer repositories like GitHub and Bitbucket, as well as associated software digital support infrastructure.

Trail of Bits Blog
The Frozen Heart vulnerability in PlonK
This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. This means that the public inputs, the values from the trusted setup ceremony, the program’s circuit, and all the public values computed in the proof itself must be included in PlonK’s Fiat-Shamir transformations.