Dipl.-Inform. Carsten Eilers

• [1] Tom Preston-Werner (mojombo), GitHub-Blog: "Public Key Security Vulnerability and Mitigation"
• [2] Michael Hartl's Tech Blog: "Mass assignment in Rails applications"
• [3] Tom Preston-Werner (mojombo), GitHub-Blog: "Responsible Disclosure Policy"
• [4] Egor Homakov: "Commit that changed my life."
• [5] rails/rails Issue #5228: "Mass assignment vulnerability - how to force dev. define attr_accesible?"
• [6] Ruby On Rails Security Guide - 6 Mass Assignment
• [7] rails/rails Commit 06a3a8a: "Whitelist all attribute assignment by default."
• [8] Egor Homakov: "How-To"
• [9] homakov/ClientSit Issue #3: "Hello, I m Bender"
• [10] rails/rails Issue #5239: "I’m Bender from Future. [TITLE FOR SALE]"
• [11] rails/rails Commit b839657: "wow how come I commit in master? O_o"
• [12] Kommentar unter [11]
• [13] GitHub Help: "Responsible Disclosure of Security Vulnerabilities"
• [14] Tim Pease (TwP), GitHub-Blog: "A Whole New Code Search"
• [15] Paul Ducklin, Sophos: "Do programmers understand the meaning of PRIVATE?"
• [16] Michael Mimoso, threatpost: "GitHub Search Down After Some Credentials and Crypto Keys Exposed"
• [17] RaiderSec: "Automatically Enumerating Google API Keys from Github Search"
• [18] Melissa Elliott, @0xabad1dea: "Oh geez just found an ssh password to a production server ..."
• [19] Brian Doll (briandoll), GitHub-Blog: "Secrets in the code"
• [20] GitHub Help: "Remove sensitive data"
• [21] Dan Palmer: "GitHub's Security Vulnerabilities"
• [22] Carsten Eilers: "Websecurity: Cookie Tossing"
• [23] Egor Homakov: "Hacking Github with Webkit"
• [24] Ryan Tomayko (rtomayko), GitHub Blog: "New GitHub Pages domain: github.io"
• [25] Chris Roussel: "[Full-disclosure] GitHub Login Cookie Failure" ff
• [26] Secunia Advisories für Git 1.x
• [27] GitHub Help: "GitHub Security"
• [28] Wynn Netherland (pengwynn), GitHub Blog: "Easier builds and deployments using Git over HTTPS and OAuth"

Carsten Eilers