#security (2021-03)

Archive: https://archive.sweetops.com/security/

2021-03-31

Gabe

Does anyone here have experience with data residency and sovereignty in AWS? I have a project coming up to deal with this and would love to hear other experiences.

2021-03-30

loren
Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti…

2021-03-09

loren

Well that explains why I had to log back into GitHub this morning… Race conditions are the devil! https://github.blog/2021-03-08-github-security-update-a-bug-related-to-handling-of-authenticated-sessions/

GitHub security update: A bug related to handling of authenticated sessions - The GitHub Blog

On the evening of March 8, we invalidated all authenticated sessions on GitHub.com created prior to 12:03 UTC on March 8 out of an abundance of caution.

Erik Osterman (Cloud Posse)

Hah! I was wondering about that too


2021-03-04

Meb

Okta and Auth0: A $6.5 billion bet that identity will warrant its own cloud | ZDNet

There are clouds for infrastructure, CRM, HR and other business functions. Is identity going to be one of the handful of clouds in the enterprise?

2021-03-02

Noa Ginzbursky

Hey there! After some internal discussion following the recent dependency confusion attack vector publication, I read in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks/#never-ignore-build-failures about creating a .npmrc file in the root of projects to ensure that developers checking out a specific repo will always work against our private registry, even if their own .npmrc configuration says otherwise. I am looking for an effective way to enforce that this is indeed the setup consistently across all of our repos. Is anyone familiar with an effective way to enforce/gain visibility on this?

Avoiding npm substitution attacks - The GitHub Blog

Supply chain attacks are a reality in modern software development, but you can reduce attack surface by taking precautions and managing dependencies.

2021-03-01

Meb

Google: Bad bots are on the attack, and your defence plan is probably wrong | ZDNet

Bot attacks are on the rise as businesses move online due to the pandemic, according to Google

Zach

bad bots bad bots whatcha gonna do whatcha gonna do when they come for you
