HackerTrans
トップ新着トレンドコメント過去質問紹介求人

lumberjack24

no profile record

投稿

[untitled]

1 ポイント·投稿者 lumberjack24·4 年前·0 コメント

[untitled]

1 ポイント·投稿者 lumberjack24·4 年前·0 コメント

Ggcanary – detect compromised DevOps environments with exposed AWS secrets

blog.gitguardian.com
3 ポイント·投稿者 lumberjack24·4 年前·0 コメント

Song predicted the rise of smartphones back in 2002

open.spotify.com
1 ポイント·投稿者 lumberjack24·4 年前·3 コメント

Surviving the GitHub OAuth hack – remediating thousands of hardcoded credentials

3 ポイント·投稿者 lumberjack24·4 年前·1 コメント

[untitled]

1 ポイント·投稿者 lumberjack24·4 年前·0 コメント

[untitled]

1 ポイント·投稿者 lumberjack24·5 年前·0 コメント

コメント

lumberjack24
·3 年前·議論
Forest Admin's out-of-the-box admin panel + the convenience of the cloud, this is all developers ever wanted for their internal tools!
lumberjack24
·3 年前·議論
To Casablanca, Morocco.
lumberjack24
·3 年前·議論
Hey, maybe try running a GitGuardian [1] scan on all those repositories to look for hardcoded secrets. GitGuardian can also test in some cases if the secrets are valid or not, meaning you have to revoke and rotate them asap. I hope this helps.

[1] https://www.gitguardian.com/monitor-internal-repositories-fo...

Disclaimer: I work for GitGuardian.
lumberjack24
·4 年前·議論
geez.
lumberjack24
·4 年前·議論
“dark matter” sounds like marketing speak.
lumberjack24
·4 年前·議論
well, they haven’t turned my building’s heating on yet.
lumberjack24
·4 年前·議論
Here's a checklist [1] (again, from gitguardian) of steps to follow before open-sourcing projects and [2] a guide on how to remediate hardcoded/exposed secrets.

[1] https://blog.gitguardian.com/safely-open-source-software-bes... [2] https://blog.gitguardian.com/leaking-secrets-on-github-what-...
lumberjack24
·4 年前·議論
Great idea, but hard to enforce. Just use a scanning CLI like TruffleHog, Gitleaks, or ggshield from GitGuardian to catch all sorts of hardcoded secrets.
lumberjack24
·4 年前·議論
GitGuardian actually does this, it monitors an extended perimeter of devs and their personal/open-source repos for corporate secrets or keywords – https://www.gitguardian.com/monitor-public-github-for-secret...
lumberjack24
·4 年前·議論
In the meantime, try ggshield cli https://github.com/GitGuardian/ggshield
lumberjack24
·4 年前·議論
The access model on platforms like GitHub is flawed, a single account can be used for both professional and personal projects/repositories, leading to “fat finger” errors like this one here...
lumberjack24
·4 年前·議論
I can’t help but wonder why qursān ended up being the final form instead of qursāl.
lumberjack24
·4 年前·議論
That hardcoded secret in the powershell script really was the key to the Uber ride-hailing kingdom – https://blog.gitguardian.com/uber-breach-2022.
lumberjack24
·4 年前·議論
open to referrals?
lumberjack24
·4 年前·議論
lumberjack24
·4 年前·議論
show me the mrr
lumberjack24
·4 年前·議論
Photos don’t load on mobile :/
lumberjack24
·4 年前·議論
These folks must be retired by now and they have lived enough to find out they lost their crusade against computers.
lumberjack24
·4 年前·議論
Try https://www.specifyapp.com and thank me later!
lumberjack24
·4 年前·議論
Just like shrimps are sea cockroaches.