Mackenzie Jackson, the Developer Advocate at GitGuardian joins Paul to discuss how “secrets sprawl” on sites like GitHub threatens software supply chains.
API
Update: Two Years After Discovery Dangerous Security Hole Lingers in GPS Services
Security researchers warned of a serious vulnerability in a GPS service by the China-based firm ThinkRace exposes sensitive data in scores of GPS services, more than two years after the hole was discovered and reported to the firm. (Update: added comment from John van den Oever, the CEO of one2track B.V – PFR 1/3/2018)
Samsung’s Tizen Operating System: a Hacker’s Dream | Motherboard
In-brief: Motherboard reports on an audit of Samsung’s Tizen mobile and IoT operating system that suggests it contains numerous, serious security holes.
OEM Software Leaves New Windows PCs Vulnerable
(credit: Duo Security)
The next time you’re in the market for a new Windows computer, consider this: if it comes from one of the top five manufacturers, it’s vulnerable to man-in-the-middle attacks that allow hackers to install malware.
That’s the take-away from a report published Tuesday by researchers from two-factor authentication service Duo Security. It found third-party updating tools installed by default threatened customers of Dell, HP, Lenovo, Acer, and Asus. The updaters frequently expose their programming …read more
Better Web Application Security in 14 Steps
In-brief:In-brief: In this, the last in a three-part series on REST API, Neeraj Khandelwal of Barracuda Networks examines how web application security design can help secure REST APIs and provides tips for securing web applications. You can read Neeraj’s previous posts (here and here).
