Lately I’ve been talking a lot about the supply chain risk. You import some software, and are suddenly importing their business model and practices. Well, we’ve just had another ‘shenanigan’ unveiled. And its got some good drama. https://github.com/dominictarr/event-stream/issues/116 In a nutshell…
Don's Blog Technology run (almost) amuck
Tag: supply-chain
Pytosquatting, Supply Chain Risk, and the Slovak National Security Bureau
So most of you will have the Slovak ‘NBU’ on your RSS speed-dial, but I found I was a bit behind on my reading of it. As I was catching up, skcsirt-sa-20170909-pypi caught my eye. In a nutshell, its around…
Software supply chain risk management robots
It finally happened to you. A developer used ‘import A’. A pulled in B, B pulled in C, D. D pulled in E… and somewhere along that chain evil lurked. Now all your bits are belong to l33t hackerz.…
login | 
(RSS)|Create Account|Update email pref
In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
(RSS)|Create Account|Update email pref In the lower right you might see a red bell / push notification indicator, click it to enable push notifications (or link below this box).
See the previous archives
- Jayme Snyder on Opening the hiring taps: first legit job ad is up!Congrats Don on this great milestone!
- Mustafa on Speedtest & BBR, consistencyHi Don, Need your help to improve our Speedtest server. Kindly get in touch.
- db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Jayme Snyder on The LED bulb project: an autopsy on some failuresI've fixed a number of dead LED back-lit TV's found on Kijiji and through friends. I guess it's so much
- db on Gitlab via the API: prepare a repo with automatic deploy keys and protected branches/tagsi don't really understand what you are asking? the `protect` means that it can't be read.
Jayme Snyder on Opening the hiring taps: first legit job ad is up!Congrats Don on this great milestone! 
Mustafa on Speedtest & BBR, consistencyHi Don, Need your help to improve our Speedtest server. Kindly get in touch. 
db on The LED bulb project: an autopsy on some failuresfree to good home. two $25 LED corn cob lights. Lightly used. Some bugs. May have missing led(s). Know a
- Defense in Depth: Securing your new Kubernetes cluster from the challenges that lurk within
- Cloud Security Blasphemy: Secrets in git
- Keep your certificates young and fresh
- We are all-in on the TLS: the HSTS preload
- Git ransomware: beware the misdirection
- Covert Exfiltration, Cloud Native
- Moving into a new (cloud) neighbourhood? Check its reputation!
- Docker Hub Hack: Secure Your Supply Chain
- That’s the kind of password an idiot uses on luggage: cloud security
- The naked cloud: elasticsearch is stretch but doesn’t cover security
Top