Security: Shopify, Logitech, pwnedkeys.com and Common Passwords
How Shopify Avoided a Data Breach, Thanks to a Bug Bounty
At KubeCon + CloudNativeCon NA 2018, Shopify and Google detail a Kubernetes security incident reported by a bug bounty security researcher that was quickly remediated before any harm was done.
Logitech Options App Plagued By PID Exploit, Security Vulnerability Fixed With New Update
Logitech Options is an app that controls all of Logitech’s mice and keyboards. It offers several different configurations like Changing function key shortcuts, Customizing mouse buttons, Adjusting point and scroll behavior and etc. This app contained a huge security flaw that was discovered by Tavis Ormandy who is a Google security researcher. It was found that Logitech Options was opening a WebSocket server on each individual computer Logitech Options was run on. This WebSocket server would open on port 10134 on which any website could connect and send several various commands which would be JSON-encoded.
pwnedkeys: who has the keys to *your* kingdom?
I am extremely pleased to announce the public release of pwnedkeys.com – a database of compromised asymmetric encryption keys. I hope this will become the go-to resource for anyone interested in avoiding the re-use of known-insecure keys. If you have a need, or a desire, to check whether a key you’re using, or being asked to accept, is potentially in the hands of an adversary, I would encourage you to take a look.
“123456” Tops The List Of Worst Passwords For 5th Consecutive Year
