The Case for 2FA, Post Rest-client Gem CVE
On 08/19/2019, a CVE was discovered on a popular Ruby gem called Rest-client. Although caught quickly, this could raise the case of 2FA being a requirement for Package Manager accounts like Rubygems and NPM.
Account Protection Policies to Cover Business Assets
Utilizing two factor authentication, strong passphrases, password managers, and NIST standards; private company accounts can remain secure. Cover your assets!
Restrict Who Can Push to Matching Branches on Github
On GitHub, you can enable branch restrictions allowing only certain users, teams, or apps to be able to push to a protected branch.
New Interview on Drifting Ruby
Recent Drifting Ruby Episode #183 interview with Frank Rietta, Web Application Security Architect.
Applying Agile and Security in Software Development Public Appearance at KSU
Frank will be presenting Applying Agile and Security in Software Development at the IS General Speaker Series #3 on 2/28/2018 at KSU in Marietta.
Security Quick-Wins: Use DNS CAA records to avoid fraudulent certificates
Prevent certificate fraud and boost your TLS security in 5 minutes using this simple standardized DNS entry.
Migrate Away from SSL/Early TLS for PCI Compliance
PCI compliance 3.1 and 3.2 no longer allow for SSL/Early TLS. Upgrade now to ensure your company remains compliant with the changes that start June 30, 2018.
Georgia SB 315, set to criminalize most independent security threat research, heads to Georgia Governor Nathan Deal for signature or veto
As big companies buy cybersecurity insurance rather than fix fundamental security problems, Georgia clears the way for them to press charges or bring civil lawsuits against Good Samaritan researchers.
Georgia SB 315 anti-hacking law dangerously misses the mark of protecting people, making us all less safe
If Georgia SB 315 becomes law, computer security experts will stop reporting vulnerabilities in good faith because doing so could lead to their criminal prosecution under dangerously broad anti-hacking law.
Lay off the marketing plugins. Equifax hit with fake Flash update.
Equifax caught distributing malware. Be careful what you allow to be included in your website to avoid these sorts of hacks.