Drucksache: windows.developer Magazin 7.2013 - GitHub-Sicherheit
Im windows.developer Magazin 7.2013 ist ein Artikel über die Sicherheit von Git und insbesondere GitHub erschienen. Es handelt sich um eine erweiterte und aktualisierte Version des Artikels aus dem PHP Magazin 4.2013. An einer Stelle wurde der gedruckte Artikel aber bereits vom Internet überholt: Die Quelle [4] ist nicht mehr online. Dabei handelt es sich um Egor Homakovs eigenes als Proof of Concept genutztes Projekt.
Und hier noch die Links und Literaturverweise aus dem Artikel:
- [1] Tom Preston-Werner (mojombo), GitHub-Blog: "Public Key Security Vulnerability and Mitigation"
- [2] Michael Hartl's Tech Blog: "Mass assignment in Rails applications"
- [3] Tom Preston-Werner (mojombo), GitHub-Blog: "Responsible Disclosure Policy"
- [4] Egor Homakov:
"Commit that changed my life."(Projekt ist nicht mehr online) - [5] rails/rails Issue #5228: "Mass assignment vulnerability - how to force dev. define attr_accesible?"
- [6] Ruby On Rails Security Guide - 6 Mass Assignment
- [7] rails/rails Commit 06a3a8a: "Whitelist all attribute assignment by default."
- [8] Egor Homakov: "How-To"
- [9] homakov/ClientSit Issue #3: "Hello, I m Bender"
- [10] rails/rails Issue #5239: "I’m Bender from Future. [TITLE FOR SALE]"
- [11] rails/rails Commit b839657: "wow how come I commit in master? O_o"
- [12] Kommentar unter [11]
- [13] GitHub Help: "Responsible Disclosure of Security Vulnerabilities"
- [14] Tim Pease (TwP), GitHub-Blog: "A Whole New Code Search"
- [15] Paul Ducklin, Sophos: "Do programmers understand the meaning of PRIVATE?"
- [16] Michael Mimoso, threatpost: "GitHub Search Down After Some Credentials and Crypto Keys Exposed"
- [17] RaiderSec: "Automatically Enumerating Google API Keys from Github Search"
- [18] Melissa Elliott, @0xabad1dea: "Oh geez just found an ssh password to a production server ..."
- [19] Brian Doll (briandoll), GitHub-Blog: "Secrets in the code"
- [20] GitHub Help: "Remove sensitive data"
- [21] Dan Palmer: "GitHub's Security Vulnerabilities"
- [22] Carsten Eilers: "Websecurity: Cookie Tossing"
- [23] Egor Homakov: "Hacking Github with Webkit"
- [24] Ryan Tomayko (rtomayko), GitHub Blog: "New GitHub Pages domain: github.io"
- [25] Chris Roussel: "[Full-disclosure] GitHub Login Cookie Failure" ff
- [26] Secunia Advisories für Git 1.x
- [27] GitHub Help: "GitHub Security"
- [28] Wynn Netherland (pengwynn), GitHub Blog: "Easier builds and deployments using Git over HTTPS and OAuth"
- [29] Joshua Peek (josh), GutHub Blog: "Content Security Policy"
- [30] W3C: "Content Securityy Policy 1.0"
- [31] W3C: "Content Securityy Policy 1.1"
Trackbacks