Collaborate Disseminate
recently I noticed that OVAL definition files released by Ubuntu security team has changed significantly.
specifically, definition file for Ubuntu Xenial and above changed. they added 4 digits of zeroes before the last 3 dig… Continue reading Ubuntu OVAL ID format changed. for what reason?
I’m arguing with a colleague about the security of storing encrypted password on GitHub.
Our process is currently to commit a configuration file with environment variables including username and passwords. Username and passw… Continue reading Committing encrypted passwords but not usernames
I read recently about whether you should store your database passwords in config files, environment variables, docker secrets, etc. But if somebody can steal it from those places, then s/he can already inject code into your s… Continue reading Why would a hacker bother with stealing your database password?
In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As … Continue reading Malware: Three Industry Problems and How to Solve Them
Say I set up a HashiCorp Vault, on dedicated hardware, with an AKV seal stanza like the following:
seal “azurekeyvault” {
tenant_id = “46646709-b63e-4747-be42-516edeaf1e14”
client_id = “03dc33fc-16d9-4b77-8152-… Continue reading How do I protect the Azure Client ID and Client Secret in HashiCorp Vaults with AKV Auto-Unseal?
Seems to be the general practice these days is to store secrets (e.g., DB, API credentials) in a .ENV file then load it to $_ENV and $_SERVER automatically. This popular library does that and it’s even encouraged as best prac… Continue reading Why use .ENV? What’s wrong with storing secrets in a config.php file outside root directory?
Seems to be the general practice these days is to store secrets (e.g., DB, API credentials) in a .ENV file then load it to $_ENV and $_SERVER automatically. This popular library does that and it’s even encouraged as best practice. This lib… Continue reading Why use .ENV? What’s wrong with storing secrets in a config.php file outside root directory?
Jeremy Winter is Director of Azure Management, responsible for areas such as Azure Governance, Policy, Configuration, PowerShell, Disaster Recovery, Azure Migrate and the Azure Portal Experiences from within Azure Compute. He joins Paul and John to tal… Continue reading Jeremy Winter, Microsoft – Enterprise Security Weekly #117
Amazon’s new security issue, which came to light just days before one of its biggest sale events of the year, is making recent headlines. And whilst it probably won’t stop the online retail giant from achieving a profitable Black … Continue reading Catching Configuration Changes that Can Lead to Data Exposure
If a small company is expanding with various branches across the country, how would the kerberos centralized server be configured? Are the new users assigned new ticket granting servers or are they assigned to the already exi… Continue reading Kerberos Protocol Centralized Server