Thanks to Giovanni Pellerano of GLOBALEAKS for his collaboration in addressing a misconfiguration in our app, where our content security policy (CSP) was unset. When we moved our app onto Digital Ocean’s App Platform, we didn’t have to use Nginx anymore, and our previous CSP lived in those configuration files. Micah Lee promptly addressed the issue by moving the CSP to the app code, and we immediately deployed the fix. A CSP sets rules for what resources can load in your browser and the permissions an app can request. Since Hush Line doesn’t require any permissions and has next to no dependencies, there’s no impact to our users. Much appreciation for Giovanni’s watchful eye and the collaboration in the #whistleblower community 🙏 https://lnkd.in/gGr2G-pW #cve #opensource #nonprofit #community
Hush Line’s Post
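Moving the policy into the application, as the post describes, means it no longer depends on whatever reverse proxy happens to sit in front. The following is an added example and not Hush Line's code (the post does not show the fix itself): a framework-agnostic WSGI middleware that attaches a Content-Security-Policy header unless the app already set one, plus a small audit that reports the pre-fix condition (no header at all) and a few commonly weak settings. The sample apps, the request driver, the policy text and the audit rules are all constructed for this example.

```python
"""Added example (not Hush Line's code): set a Content-Security-Policy from the
application layer so it survives a move off Nginx, and audit responses for a
missing or weak policy.  Everything below is constructed for illustration."""
from typing import Callable, Dict, Iterable, List, Tuple

Headers = List[Tuple[str, str]]

# Constructed locked-down policy: deny by default, allow only same-origin assets,
# forbid framing, plugin content and <base> hijacking.  Tailor per application.
DEFAULT_CSP = (
    "default-src 'none'; script-src 'self'; style-src 'self'; "
    "img-src 'self' data:; font-src 'self'; connect-src 'self'; "
    "form-action 'self'; frame-ancestors 'none'; base-uri 'self'; object-src 'none'"
)


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [source expressions]}."""
    directives: Dict[str, List[str]] = {}
    for clause in policy.split(";"):
        tokens = clause.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def csp_findings(policy: str) -> List[str]:
    """Return findings for a policy string; an empty list means nothing obvious is wrong."""
    d = parse_csp(policy)
    if not d:
        return ["no Content-Security-Policy set"]
    findings: List[str] = []
    if "default-src" not in d:
        findings.append("missing default-src: unlisted fetch directives are unrestricted")
    fallback = d.get("default-src", [])
    for directive in ("script-src", "style-src", "object-src"):
        sources = d.get(directive, fallback)  # fetch directives fall back to default-src
        if "*" in sources:
            findings.append(f"{directive} allows any origin ('*')")
        if directive == "script-src" and "'unsafe-inline'" in sources:
            findings.append("script-src allows 'unsafe-inline' (inline script injection not blocked)")
        if directive == "script-src" and "'unsafe-eval'" in sources:
            findings.append("script-src allows 'unsafe-eval'")
    if "frame-ancestors" not in d:  # frame-ancestors does NOT fall back to default-src
        findings.append("missing frame-ancestors: page may be framed (clickjacking)")
    if "'none'" not in d.get("object-src", fallback):
        findings.append("object-src is not 'none': plugin content allowed")
    return findings


def audit_response_headers(headers: Headers) -> List[str]:
    """Audit a response header list the way a scanner would: is a CSP present, and is it sane?"""
    for name, value in headers:
        if name.lower() == "content-security-policy":
            return csp_findings(value)
    return ["no Content-Security-Policy set"]


class CSPMiddleware:
    """Wrap any WSGI app and add the CSP header unless the app already set one."""
    HEADER = "Content-Security-Policy"

    def __init__(self, app: Callable, policy: str = DEFAULT_CSP) -> None:
        self.app = app
        self.policy = policy

    def __call__(self, environ: dict, start_response: Callable) -> Iterable[bytes]:
        def wrapped_start_response(status: str, headers: Headers, exc_info=None):
            if not any(k.lower() == self.HEADER.lower() for k, _ in headers):
                headers.append((self.HEADER, self.policy))
            return start_response(status, headers, exc_info)
        return self.app(environ, wrapped_start_response)


def hello_app(environ: dict, start_response: Callable) -> Iterable[bytes]:
    """Constructed sample app: like the pre-fix deployment, it sets no CSP itself."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<html><body><h1>hello</h1></body></html>"]


def own_csp_app(environ: dict, start_response: Callable) -> Iterable[bytes]:
    """Constructed sample app that sets its own policy; the middleware must not override it."""
    start_response("200 OK", [("Content-Security-Policy", "default-src 'self'")])
    return [b""]


def run_request(app: Callable, path: str = "/") -> Tuple[str, Headers, bytes]:
    """Drive a WSGI app with a minimal constructed environ; returns (status, headers, body)."""
    captured: Dict[str, object] = {}

    def start_response(status: str, headers: Headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)
        return lambda data: None

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "SERVER_NAME": "localhost",
               "SERVER_PORT": "80", "wsgi.url_scheme": "http"}
    body = b"".join(app(environ, start_response))
    return str(captured["status"]), list(captured["headers"]), body  # type: ignore[arg-type]


if __name__ == "__main__":
    print("without middleware:", audit_response_headers(run_request(hello_app)[1]))
    print("with middleware:   ", audit_response_headers(run_request(CSPMiddleware(hello_app))[1]))
```

The middleware only fills the gap when the app is silent, so a per-route policy set by the application still wins; the audit is the check to run in CI against a deployed instance so that a proxy change cannot silently drop the header again.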
More Relevant Posts
Hot take. For-profit companies that heavily rely on Open Source Software and benefit from it should make substantial donations/sponsor projects and allow their employees to contribute during their 9 to 5, and in general contribute in any way possible. The reasons are simple. Ethical - OSS is not free, it is open. Someone has to put their time and effort into it, and it's not to make someone else richer, but to nurture a community ecosystem. Strategic - once OSS libraries become the core of your software, you had better make sure they are well maintained and have somebody internally able to keep them alive if needed. Security - contributing to OSS makes it less likely for malicious actors to infiltrate as maintainers or for libraries to become unmaintained and subject to vulnerabilities. Do you agree? Change my mind. #oss #softwareengineering #softwaredevelopment
So many people download new software or apps and never end up using them! The problem is, the apps still contain the personal information and passwords you used, which puts you at risk if you’re not updating the software and patching the vulnerabilities. 👉 Regularly review software and applications to remove any that you don’t use. #quicktechtip #techsolutions #lifehack #businesstip #ZogInc #PennsylvaniaIT #FloridaIT
Level Up Your Security with Our Enhanced Login Page! 🔒✨ Welcome to Extreme Verifications! Our login page isn't just secure—it's fortified with layers of protection for your peace of mind. Here’s what makes our system top-notch:
• Admin-Verified Access: Students can't log in without admin verification, ensuring only authorized users access our platform.
• Single Account Policy: Each user is limited to one account per NIC and Gmail ID, preventing duplicate entries and ensuring fair play.
• Robust Security Features: Our quiz web application employs cutting-edge security measures. Even admins can't peek at your password, thanks to JWT encryption.
=> What security features do you value most in an online platform? 🤔🤔 Do share your thoughts and experiences in the comments! I'm eagerly waiting (with popcorn)! 🍿😅😅 #ExtremeVerifications #SecureLogin #StudentSecurity #QuizApp #JWTSecurity #EnhancedProtection #TechTalk
Sanoid, a system to schedule automatic snapshots of your ZFS datasets. I'm in the process of setting it up and writing an article about it. ZFS is a journaling filesystem, which means that all changes made to files on your storage are tracked. A snapshot is like leaving a bookmark. You can at any time roll back to your snapshot. This mitigates issues with ransomware and just makes some spills easier to mop up. ;) Oh, and OpenZFS and Sanoid are both Free and Open Source software. :)
The Polyfill compromise is a particularly nefarious, large-scale web supply chain attack. Organizations great and small have been hit: Hulu, World Economic Forum, JSTOR, Intuit are just a sampling of the over 100,000 affected organizations. The malicious code is quite special... from our report at Red Sift: "The malicious code injected through cdn.polyfill.io is sophisticated, dynamically generating payloads based on HTTP headers. It activates only on specific mobile devices, avoiding detection by evading admin users and delaying execution. Websites embedding the compromised scripts may inadvertently redirect visitors to malicious sites, exposing them to further risks such as fake Google Analytics links leading to dubious destinations." My colleague Billy McDiarmid shares the specific thing you need to do now:
* You MUST still remove the domain from your digital estate and replace it with a safe location instead
* Red Sift, Sansec - experts in eCommerce security, Semgrep, Namecheap, Inc, Cloudflare, Google and others have done great work here to keep cyberspace a safe space. Read on for more and watch this space.
The recent compromise of the #polyfill.io domain has triggered a web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. 📢 To ensure the security of your website, we strongly advise you to immediately remove any reference to polyfill.io. To find out more about the attack, how we identified impacted customers, and what you can do to get protected, read the blog ➡️ https://lnkd.in/ew47UDAH
Understanding the polyfill.io domain attack - Red Sift Blog
https://blog.redsift.com
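The one concrete action in the post above is to find and remove every reference to the domain. As an added example, not Red Sift's tooling and not from the linked blog, here is a standard-library scanner that walks HTML for script, link, iframe, object and form attributes whose host is polyfill.io or a subdomain of it, and reports the line number so the reference can be replaced. The sample HTML and the list of flagged hosts are constructed for this example; the host list is the only thing you would change to reuse it for a different retired CDN.

```python
"""Added example (not Red Sift's code): find HTML references to a third-party host that
has to be removed from your estate.  The host list and sample page are constructed."""
from html.parser import HTMLParser
from pathlib import Path
from typing import Iterable, List, Tuple
from urllib.parse import urlsplit

# Hosts whose references must be removed; polyfill.io is the one named in the post.
FLAGGED_HOSTS = ("polyfill.io",)
# Attributes whose value causes a fetch, a navigation or script execution.
URL_ATTRS = {"src", "href", "action", "data"}

Hit = Tuple[int, str, str]  # (line number, tag, url)


def host_is_flagged(url: str) -> bool:
    """True if the URL's host is a flagged host or a subdomain of one.
    Scheme-relative '//host/...' references are handled; relative paths are not hosts."""
    if url.startswith("//"):
        url = "https:" + url
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in FLAGGED_HOSTS)


class RefFinder(HTMLParser):
    """Collect every start tag whose URL-bearing attribute points at a flagged host."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: List[Hit] = []

    def handle_starttag(self, tag: str, attrs: List[Tuple[str, str]]) -> None:
        for name, value in attrs:
            if name in URL_ATTRS and value and host_is_flagged(value):
                line, _offset = self.getpos()
                self.hits.append((line, tag, value))


def find_flagged_references(html: str) -> List[Hit]:
    """Return all flagged references in one HTML document."""
    parser = RefFinder()
    parser.feed(html)
    parser.close()
    return parser.hits


def scan_files(paths: Iterable[Path]) -> List[Tuple[str, Hit]]:
    """Scan a set of files on disk; returns (path, hit) pairs for reporting."""
    results: List[Tuple[str, Hit]] = []
    for path in paths:
        text = path.read_text(encoding="utf-8", errors="replace")
        results.extend((str(path), hit) for hit in find_flagged_references(text))
    return results


# Constructed sample page: two references that must go, two same-origin ones that are fine.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="/static/app.js"></script>
</head><body>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
</body></html>"""


if __name__ == "__main__":
    for line, tag, url in find_flagged_references(SAMPLE_HTML):
        print(f"line {line}: <{tag}> references {url}")
    # For a real tree: scan_files(Path("site").rglob("*.html"))
```

Matching on the parsed hostname rather than substring search is deliberate: it avoids both false negatives from query strings or odd casing and false positives from unrelated hosts that merely contain the string. Templates and JavaScript that build the URL at runtime are outside what an HTML parser sees, so pair this with a grep over source for the bare domain as well.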
Supply chain attack
https://lnkd.in/g_dAupp7 #infosec #itsecurity #appsec #applicationsecurity #penetrationtesting #penetrationtester #cyberawareness
Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
sonatype.com
Are you part of an organization that uses Microsoft Fabric or Power Platform to enable business users to process data, build applications, reports, dashboards, and more? Then you'll definitely want to join Ziv Daniel Hagbi and David Wyatt for their security meetup for #appsec professionals where they will:
- Show how misconfigurations in Power Platform are so easy (and so consequential)
- How Fabric has an inherent data leakage flaw (originally disclosed by Ziv in his research https://lnkd.in/ejkqEQYc)
And lots more. Not one to miss!
Monday, September 9th at 10AM CST, Zenity is hosting a virtual OWASP® Foundation Low-Code / No-Code security meetup. Join Ziv Daniel Hagbi and David Wyatt to learn how misuse of Power Platform can leave you vulnerable and how other Power Platform admins are safeguarding their business apps. Register below: https://lnkd.in/epMcvAEx #securedbyzenity #powerplatform #lowcode #nocode
How I Secure Personal Information in Financial Apps 🔐 💡 Ever wonder how to protect users' personal info while developing a financial app? It's not just about coding; it's about creating trust. Here’s how I do it:
Encrypt Everything – Secure sensitive data with strong encryption methods.
Two-Factor Authentication (2FA) – Add an extra layer of security.
Regular Security Audits – Test for vulnerabilities constantly.
Use Secure APIs – Only work with trusted, secure third-party APIs.
Update Software Regularly – Always stay ahead with the latest security patches.
Educate Users – Make them aware of best practices.
Data Minimization – Collect only what’s necessary.
👉 Remember, security isn’t a feature—it’s a foundation. P.S. Your app’s success depends on how safe users feel. Start building that trust today! 💪
So many people download new software or apps and never end up using them! The problem is, the apps still contain the personal information and passwords you used, which puts you at risk if you’re not updating the software and patching the vulnerabilities. 👉 Regularly review software and applications to remove any that you don’t use. #quicktechtip #techsolutions #lifehack #businesstip #Impress #Texas
Learn about the importance of keeping up to date with this #TritonTip! In the age of technology, it's important to keep your Hosted app up to date with the latest software and security patches to ensure it runs smoothly. Regular maintenance is key to preventing any issues and keeping your app performing at its best. Don't compromise on security or efficiency. Did you find this helpful? Share your thoughts in the comments and tell us which topics you’d be interested in for future Triton Tips posts!