Application Security This Week for June 30

Fascinating look into Internet routing that caused an outage last week.  We are really building this city on a bed of sticks.

https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

 

Not my normal fare for this newsletter, but Microsoft added a secure vault to OneDrive.  Not in the US yet, but my Australian friends can give it a try.

https://www.windowscentral.com/microsoft-announces-onedrive-personal-vault-secure-area-within-your-onedrive

 

There is a directory traversal vulnerability in ... this blog!  Please don't hack me.  I'll update later today.

https://seclists.org/fulldisclosure/2019/Jun/44

 

MongoDB is adding field level encryption.  Now if folks would just use the authentication features ...

https://www.wired.com/story/field-level-encryption-databases-mongobd/

 

Found a VERY cool tool that lists known vulnerabilities in default containers.

https://vulnerablecontainers.org/

 

A weird edge case forces the npm deployment script to push the .git folder.  Remember, complexity is the enemy of security.

https://npm.community/t/npm-6-9-1-is-broken-due-to-git-folder-in-published-tarball/8454/2

 

And that's the news, folks.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
