How bad can it git? Characterizing secret leakage in public GitHub repositories

How bad can it git? Characterizing secret leakage in public GitHub repositories Meli et al., NDSS’19

On the one hand you might say there’s no new news here. We know that developers shouldn’t commit secrets, and we know that secrets leaked to GitHub can be discovered and exploited very quickly. On the other hand, this study goes much deeper, and also provides us with some very actionable information.

…we go far beyond noting that leakage occurs, providing a conservative longitudinal analysis of leakage, as well as analyses of root causes and the limitations of current mitigations.

In my opinion, the best time to catch secrets is before they are ever committed in the first place. A git pre-commit hook using the regular expressions from this paper’s appendix looks like a pretty good investment to me. The pre-commit hook approach is taken by TruffleHog, though as of the time this paper was written, TruffleHog’s secret detection mechanisms were notably inferior (detecting only 25-29%) to those developed in this work (§ VII.D). You might also want to look at git-secrets, which does this for AWS keys and is extensible with additional patterns. For a belt and braces approach, also …

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? Is a consistent position from the IETF on personal privacy preferred? Or should the IETF be as agnostic as possible and publish protocol specifications based solely on technical coherency and interoperability without particular regard to issues of personal privacy? This issue surfaced at IETF 104 in the context of discussions of DNS over HTTPS, or DOH.

Celebrating 50 Years of the RFCs That Define How the Internet Works

First page of RFC 1

50 years ago today, on 7 April 1969, the very first “Request for Comments” (RFC) document was published. Titled simply “Host Software”, RFC 1 was written by Steve Crocker to document how packets would be sent from computer to computer in what was then the very early ARPANET. [1]

Steve and the other early authors were just circulating ideas and trying to figure out how to connect the different devices and systems of the early networks that would evolve into the massive network of networks we now call the Internet. They were not trying to create formal standards – they were just writing specifications that would help them be able to connect their computers. Little did they know then that the system they developed would come to later define the standards used to build the Internet.

Today there are over 8,500 RFCs whose publication is managed through a formal process by the RFC Editor team. The Internet Engineering Task Force (IETF) is responsible for the vast majority (but not all) of the RFCs – and there is strong process through which documents move within the IETF from ideas (“Internet-Drafts” or “I-Ds”) into published standards or informational documents[2].

50 years …

Feature Friday: A Chat With Security Experts

DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.

In this second highlight, we have several industry experts on container and application security that we’re excited to have sharing their knowledge at DockerCon. We’re going to have sessions covering network security, a dissection of a real world Kubernetes vulnerability (and what to do about it), encrypted containers, and the new AWS Firecracker “micro-VM” for containers, just to name a few.

In case you missed it, you can also see our first speaker highlight here, featuring storage, service mesh and networking experts.


Zero Trust Networks Come to Docker Enterprise Kubernetes

More on their session here.


Spike Curtis, Tigera Software Developer

Brent Salisbury, Docker Technical Alliances

What is your breakout about?

Brent: Docker Enterprise with Calico for networking being used in conjunction with Istio is an exciting intersection of securing various layers of networking – all from a single policy interface.

Spike: The Docker-Calico-Istio combination …

How to set up an encrypted SOCKS proxy using stunnel

Why use SOCKS

There are times when setting up a complete VPN tunnel might be overkill (or not an option at all).

For example, consider the following:

  • You don’t want to tunnel all the traffic, just the traffic from your browsers.
  • Your OS is running under a limited account and doesn’t allow creation of tun interfaces.
  • Your provider does not allow setting up a tun device.
  • You want to securely surf the web on your old Android device that doesn’t support tunneling.

stunnel can be used on your Android phone. SOCKS functionality can then be used directly on your phone for apps that support it: Firefox, Telegram, etc.

To see how to install and set up stunnel on Android, take a look at:

How to run stunnel on your android device

These are just a couple of examples. In such cases, setting up a SOCKS proxy might just do the trick.

Another interesting aspect of a SOCKS proxy is that, after the initial per-connection handshake, it doesn’t add much overhead to the underlying traffic.

Overhead might not look like a big deal at first, but it adds up. This is especially true when you have a …

39 – DCNM 11.1 and VXLAN EVPN Multi-site Update

Dear Network experts,

It took a while to post this update on DCNM 11.1 due to other priorities, but I should admit that is a shame given all the great features that came with DCNM 11.1. As mentioned in the previous post, DCNM 11.1 brings a lot of great improvements.

Below is a summary of the top LAN Fabric enhancements that come with DCNM 11.1.

Feel free to look at the release notes for an exhaustive list of new features and enhancements in Cisco DCNM, Release 11.1(1).

Fabric Builder, fabric devices and fabric underlay networks

  • Configuration Compliance displays existing and pending configuration side by side before deployment.

  • vPC support for BGWs (VXLAN EVPN Multi-site) and standalone fabrics.

Brownfield Migration

  • Transition management of an existing VXLAN fabric into DCNM.

Interfaces

  • Port-channel, vPC, subinterface, and loopback interfaces can be added and edited on external fabric devices.

  • Cisco DCNM 11.1(1) specific template enhancements are made for interfaces.

Overlay Network/VRF provisioning

  • Networks and VRFs can be deployed automatically at the Multi-Site Domain level, from site to site, in a single action.

External Fabric

  • Switches can be added to the external fabric. Inter-Fabric Connections (IFCs) can be created …

Save the Date: Hackathon@AIS

The third Hackathon@AIS will take place in Kampala, Uganda on the 19th and 20th of June 2019. The Hackathon@AIS is an event aimed at exposing engineers from the African region to Internet Standards development and usage. This will be the third event in the series following successful events held in Nairobi (2017) and Dakar (2018), each alongside the Africa Internet Summit (AIS).

See what was covered in the 2017 and 2018 Hackathons@AIS here:

  • 2017 Hackathon@AIS
  • 2018 Hackathon@AIS

The event is targeted at network/system engineers, software developers, and/or computer science students to introduce them to existing and evolving Internet standards development that can help further their careers.

Applications for the event will open in April 2019.

Fellowships will be awarded to strong applicants where possible.

Applications will close on 12 May 2019.

For more information please contact Kevin Chege: [email protected].

Read testimonials from the 2018 Hackathon@AIS fellows.


Stuff The Internet Says On Scalability For April 5th, 2019

Wake up! It's HighScalability time:


How unhappy do you have to be as a customer to take so much joy in end-of-lifing a product?


Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. I wrote Explain the Cloud Like I'm 10 for people who need to understand the cloud. And who doesn't these days? On Amazon it has 44 mostly 5 star reviews (100 on Goodreads). They'll learn a lot and love you for the hookup.


  • $40 million: Fortnite World Cup prize money; 89%: of people who like Go say they like Go; 170 million: paid iCloud accounts; 533: days bacteria lived on the outside of the ISS; 95%: of BTC volume is fake; 51: LTE vulnerabilities found by fuzzing; 13,000: CRISPR edits in a single cell; 5G: 762Mbps down and a 19ms ping; 17,000: awesome Historic Blues & Folk Recordings; 3,236: satellites in Amazon’s broadband LEO network; 5.1 million: emails sent during a 10-day spam campaign;

  • Quotable Quotes:

Help us update the Cloudflare Blog!


Want to get right to the feedback? Click here.

As you’ve probably noticed over the years, we’re always evolving and improving the look and feel of different aspects of the Cloudflare experience. Sometimes it’s more about function, other times it’s more about form, and most of the time it’s a combination of both. But there’s one area of the site that many users visit even more frequently than they visit the homepage or their dashboard, and strangely enough it hasn’t really seen any major updates in years. And if you’re reading this, that means you're looking at it.

With more than 150 current contributors, and more than 1,000 posts, we have a lot of people dedicating a lot of their time to writing blog posts. And based on the responses I see in the comments, and on Twitter, there are a lot of people who really like to read what these authors have to say (whether it has much to do with Cloudflare or not).

Well, we’d like to finally give some love to the blog. And we really want to know what you, our loyal (or even occasional) readers, think. There are two options to choose from. …