Signal App, Jenkins Servers, & WordPress – Application Security Weekly #44 | SC Media

December 19, 2018
Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!

News

Bugs, Breaches, and More!
1.) Facebook bug exposed private photos of 6.8 million users
2.) Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
3.) Thousands of Jenkins servers will let anonymous users become admins
4.) phpMyAdmin 4.8.4 is released

If you Build It, They Will Come
1.) One giant step backwards for cyber security in encryption bill fiasco
2.) Signal: We can't include a backdoor in our app for the Australian government
3.) WordPress plugs bug that led to Google indexing some user passwords
4.) Forget Shifting Security Left; It's Time to Race Left

Learning & Tools
1.) SwiftnessX: A cross-platform note-taking & target-tracking app for penetration testers
2.) The Go Programming Language
3.) Project to Product
4.) It Doesn't Have to Be Crazy at Work

Food for Thought
1.) JIRA is an antipattern
2.) We need Sustainable Free and Open Source Communities
3.) Stripe Atlas: Scaling engineering organizations
4.) CommitStrip: Security vs. Business

Follow us on Twitter: https://www.twitter.com/securityweekly

Hosts

Keith Hoodlet - Application Security Manager, Thermo Fisher Scientific.
Paul Asadoorian - CEO, Security Weekly.

Audio: http://traffic.libsyn.com/sw-all/Signal_App_Jenkins_Servers__WordPress_-_Application_Security_Weekly_44_converted.mp3