#security - March 2021 | Slack Archive

Mebalmost 5 years ago

https://www.zdnet.com/article/google-bad-bots-are-on-the-attack-and-your-defence-plan-is-probably-wrong/

Noa Ginzburskyalmost 5 years ago

Hey there! after some internal discussion post the recent dependency confusion attack vector publication I read in https://github.blog/2021-02-12-avoiding-npm-substitution-attacks/#never-ignore-build-failures about creating a .npmrc file in the root of projects to ensure that developers checking out a specific repo will always work against our private registry, even if their .npmrc configuration says otherwise. I am looking for an effective way to enforce that this is indeed the setup consistently across all of our repos. Is anyone familiar with an effective way to enforce/gain visibility on this?

Mebalmost 5 years ago

https://www.zdnet.com/article/okta-and-auth0-a-6-5-billion-bet-that-identity-will-warrant-its-own-cloud/

lorenalmost 5 years ago(edited)

Well that explains why I had to log back into GitHub this morning... Race conditions are the devil! https://github.blog/2021-03-08-github-security-update-a-bug-related-to-handling-of-authenticated-sessions/

lorenalmost 5 years ago

https://www.theregister.com/2021/03/29/php_repository_infected/

lorenalmost 5 years ago

https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/

Gabealmost 5 years ago

Does anyone here have experience with data residency and sovereignty in AWS? I have a project coming up to deal with this and would love to hear other experiences.