Sourcegraph Administrator Access compromised by Credentials in Publicly Available Code
Sept. 11, 2023, 5:01 a.m. | Ars Technica
The RISKS Digest catless.ncl.ac.uk
Ars Technica reports that a recent security breach at Sourcegraph was
facilitated by credentials embedded in publicly available source code.
Leaving credentials visible in source or executable code is an obviously bad
practice. Besides being obviously dangerous, it has been on
the OWASP list for many years.
The tragedy is that this class of security breach is completely
preventable. There is no reason for putting credentials in source or
executable code.
The Ars Technica article can be found at:
https://arstechnica.com/security/2023/09/pii-leaked-after-sourcegraph-an-ai-driv …