Are anyone familiar with any webserver security check tools? I have a couple of servers that does shared hosting (don’t get me started on why…) and I’d like to assess wether or not they are secure enough (as far as shared hosting can get secure)
That is, I’m interested in the actual server configuration, not individual web applications
@Erik Weber is this in a containerized env?
Hrm… yea, don’t have any suggestions for that.
Thanks anyway. Do you know of any container based shared hosting solutions? I’ve taken over some legacy crappy shared webservers I’d like to get rid of
Update your Google Chrome browser immediately to patch a new high-severity zero-day RCE vulnerability (CVE-2019-5786) that hackers are actively exploiting in the wild
Remote-desktop giant ‘among more than 200 govt agencies, oil, gas, tech corps’ hit by cyber-gang
does anyone use something like anchore to scan docker images for vulnerabilities?
or claire maybe?
(not the channel, but the docs)
Aqua Security has a good microscanner
anyone running zero-trust even for their mail/collaboration/etc and integreated with MDM/EMM?
There are three new Rails security issues that were just released. This can lead to remote code execution, file disclosure and denial of service.
https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw
Aggressive sales tactics can make it harder for overworked cybersecurity execs to find and stop real threats.
how do you guys send sensitive data to each other? i use keybase but was wondering if there are better alternatives
But 1Password just added the ability to share to individuals
Also, chamber is ideal for development secrets
i use 1pw for personal
We use 1Password for teams
Plus integrates with Duo for MFA/geofencing
And supports slack notifications so we have an easily accessible audit log
@Erik Osterman (Cloud Posse) Geofencing for passwords… is this some fancy voodoo? (like, i can only log in when i’m in the office?)
Yea Duo works with push, so if your phone is not in a specific geography (not sure how specific) it will reject the request. E.g. coming from North Korea ;)
@Erik Osterman (Cloud Posse) I love 1PW, my company (like most) uses lastpass cause it’s cheaper :P
Yea it seems like party lines are drawn between LastPass and 1p. I never got used to the LastPass UI. Briefly used Dashlane for 1 year and so happy to be back to 1Password.
I think LastPass offers better enterprise support. They have an extensive list of policies.
Voova, 2FA, two factor authentication, security, Amazon, Amazon Web Services
Ha yeah; worked with him once. I’m suprised he knew how to delete anything
that reports wrong of course
he’s serving 12 months
and 1 year on license
” the company lost “big contracts with transport companies” to the tune of £500,000 “ If you’re in aws sharing creds and no 2fa you don’t really get sympathy
“Could Voova have avoided this crisis? Yes, and the solution would have been simple: a 2FA (two-factor authentication) system. By implementing this system, when Needham logged into the system a text message would’ve been sent to Speedy’s smartphone also asking for permission to login” When you write an article but don’t bother to look at the auth options
… journalists, pfft