Posts about Security

PROJECT SPACECRAB lets you build comprehensive honeytoken detecting and alerting infrastructure in AWS

Git(CVE-2017-1000117), Mercurial(CVE-2017-1000115, CVE-2017-1000116) and SVN(CVE-2017-9800) recently released fixes for vulnerabilities in their client-side applications that could lead to remote code execution on the victims machine.

Late last week, there were new releases for both Node.js and io.js that addressed a recent critical security concern. A bug in the V8 JavaScript engine was found that could cause a denial of service attack. Vendors with add-ons running Node.js or io.js in production may want to upgrade your servers.

A few weeks ago, a "vulnerability" was discovered in a new security feature that shipped in Git 2.2.0: signed pushes. No need to panic though! It is vanishingly unlikely that anyone would be able to successfully exploit this particular problem. In fact, the issue was quietly fixed a few days ago in the 2.3.7 point release.