@Jonathan Eunice has joined the channel
Dang it Gigabyte. https://www.wired.com/story/gigabyte-motherboard-firmware-backdoor/
Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say.
anybody know if there is a utility to parse system information and return whether or not the system is affected? here’s a list of known affected motherboards so I guess it wouldn’t be too hard to script something.
A Gigabyte feature designed to update motherboards with the latest firmware accidentally opens up a backdoor for hackers to exploit in major malware oof.
Anyone have experience simplifying a SSO login page which provides multiple ways of logging in by using multiple vanity login domains instead. For example a menu asking user to choose a way to sign in between “microsoft account” and “google account” would be converted into two domains ms.example.com and ga.example.com. What are the negatives to such an approach (besides increase in resources to manage)? Is this against some best practice? Is this somewhat common?
I’m thrilled to share our journey towards Continuous Security Audits at Dgraph Labs Inc. In our blog post, we delve into how we detect and remediate potential Security Issues within our offerings. Our new setup integrates a selection of toolsets and aids in “Improved Visibility” and “Faster Security Issue Resolution” for our organization (and our esteemed customers). Within a concise timeframe (~3 months), we’ve successfully addressed over 2k+ security issues with this, significantly bolstering our SOC2 compliance endeavors. Learn more about our Security Landscape, Layers, Tools in our blog post. https://www.sudhishkr.com/posts/20230609_how-we-fixed-2kplus-security-issues/
#DevSecOps #SecurityAudit #DgraphLabs #ContinuousSecurity #OpenSource #DevOps #CVEs #Linters #GitHubActions #SecureCoding
In this article we explain our journey towards Continuous Security Audits to detect and remediate potential Security Issues within our OpenSource offerings at Dgraph Labs Inc. As part of this initiative, we have integrated a selection of toolsets to facilitate Security Audits to provide ‘Improved Visibility’ and ‘Faster Security Issue Resolution’. Notably, we have successfully addressed over 2k+ security issues, significantly bolstering our SOC2 compliance endeavors.