What We Know About The xz Utils Backdoor That Almost Infected The World
- Dan Goodin tl;dr: “A lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux, when an eagle-eyed software developer spotted something fishy.”
featured in #503
Are You Ready For PCI DSS 4.0?
- Robert Curlee tl;dr: If your organization handles or processes card payment data, an important milestone is upon you with the coming retirement of PCI DSS 3.2.1 and the following adoption of the new PCI DSS 4.0 standard. SonarQube can help you prepare for the new PCI DSS 4.0 requirements by identifying vulnerabilities, automating standards enforcement, conducting regular code reviews, and training developers on secure coding practices.
featured in #498
Why Passkeys Improve User Security & How to Implement Them.
tl;dr: Passwords are a headache for users and a security risk for organizations. Passkeys, a cutting-edge solution rooted in public key cryptography, are poised to revolutionize authentication, improving security and usability for all. This paper talks about how they work and how to implement them into your ecosystem.
featured in #487
Keep Your Secrets From Leaking
- Alexandre Gigleux tl;dr: Secrets in your source code, when leaked, expose you to a security vulnerability due to illicit access to your private data. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.
featured in #484
Keep Your Secrets From Leaking With Sonar
- Alexandre Gigleux tl;dr: Secrets in your source code, when leaked, expose you to a security vulnerability due to illicit access to your private data. Sonar can find secrets in source code in your IDE using SonarLint and also detect them in your CI/CD pipeline using SonarQube and SonarCloud.
featured in #483
Common Authentication Implementation Risks And How To Mitigate Them
- James Hickey tl;dr: Data breaches are more common than ever. Ensuring a secure authentication system is critical to your trust with customers. Whether you build or buy your auth solution, this article offers insights into secure practices that can help keep you and your customers safe.
featured in #467
What Is Aleo, The Privacy-First Blockchain?
- Brenner Schlueter tl;dr: Aleo's data security uses zero-knowledge tech to keep information safe while enabling seamless online services. It's a game-changer for developers.
featured in #460
How I Made A Heap Overflow in Curl
- Daniel Stenberg tl;dr: Daniel discusses a significant security flaw in curl, which he describes as the "worst security problem found in curl in a long time." The vulnerability stems from a heap overflow issue related to how curl handles SOCKS5 proxy connections with overly long hostnames. Daniel explains the technical intricacies of the flaw, its origins, and the subsequent fix.
featured in #456