
Security Leftovers

Filed under
Security
  • Does Publicly Shaming Companies Improve Security?

    You might think security teams inside big companies hate it when researchers and the press point out vulnerabilities, but that’s not always the case.

    Security teams are just one voice among many, and often they have trouble convincing bosses that security and privacy should be a priority. An embarrassing story in the press can change that quickly.

  • Security updates for Tuesday
  • Mozilla Security Blog: Protecting Mozilla’s GitHub Repositories from Malicious Modification

    At Mozilla, we’ve been working to ensure our repositories hosted on GitHub are protected from malicious modification. As the recent Gentoo incident demonstrated, such attacks are possible.

    Mozilla’s original usage of GitHub was an alternative way to provide access to our source code. Similar to Gentoo, the “source of truth” repositories were maintained on our own infrastructure. While we still do utilize our own infrastructure for much of the Firefox browser code, Mozilla has many projects which exist only on GitHub. While some of those projects are just experiments, others are used in production (e.g. Firefox Accounts). We need to protect such “sensitive repositories” against malicious modification, while also keeping the barrier to contribution as low as practical.

    This describes the mitigations we have put in place to prevent shipping (or deploying) from a compromised repository. We are sharing both our findings and some tooling to support auditing. These add the protections with minimal disruption to common GitHub workflows.

    The risk we are addressing here is the compromise of a GitHub user’s account, via mechanisms unique to GitHub. As the Gentoo and other incidents show, when a user account is compromised, any resource the user has permissions to can be affected.
