If You Can't Trust your Certs....Tales from GitHub

Carl Ford : 4G: For Generations to Come
Carl Ford

Once again we have discovered that public keys can be thwarted, and in this case the victim was GitHub. Now I have to tell you, I am constantly asked to run a security event. And the reality is that I have security training, but no one wants to admit that they need it, especially a place that supports open source. I mean, the very name suggests security is not an issue.

However, as Egor Homakov points out, there is a problem in being too open, particularly the ability to delete and inject in other people's files. In our case, the closing DevCon5 session about Node.js, run by Alex Cruikshank and Rudy Jachan, was posted on GitHub.

The issue of security is not set in stone yet for HTML5, and we use OWASP to keep us updated. However, the managing of security is always dynamic and relies on open discussion. So rather than suspending accounts and shooting the messenger, we thank Egor for his efforts (and hope we don't hear from him again).



Copyright 4G Wireless Evolution