Tag Archives: Security

AWS Secrets… Yes!!

YES!! AWS Secrets!!

https://aws.amazon.com/blogs/aws/aws-secrets-manager-store-distribute-and-rotate-credentials-securely/

I’d say secrets in Parameter Store are like Serverless credentials in Jenkins, while secrets in Secrets Manager are like a Serverless HashiCorp Vault. The difference for now is in the usage limits: Parameter Store (SSM) is free, but its throughput quota is low and it does not cope well when saturated with many calls, so you are expected to use it moderately (or cache what you read). Secrets Manager bills per secret and per API call and gives you much higher request quotas in return, plus the built-in rotation the post above describes. I believe in the future Secrets Manager will become more feature-rich.
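The throughput point above is the one that bites in practice, so here is an added example (mine, not code from the AWS post) of a small in-process TTL cache that sits in front of either backend. The method names and response shapes are the real boto3 ones (`get_parameter` returning `Parameter.Value`, `get_secret_value` returning `SecretString` or `SecretBinary`), but the client object is injected so the module runs offline with the constructed fakes at the bottom; in production you would pass `boto3.client("ssm")` or `boto3.client("secretsmanager")`. The parameter and secret names are made up for the demo.

```python
"""Added example: a TTL cache in front of SSM Parameter Store or Secrets Manager.

Not from the linked AWS post.  Uses the real boto3 method names and response
shapes; the client is injected so this runs offline against the fakes below.
"""
import json
import time
from dataclasses import dataclass, field
from typing import Any, Callable, Optional


@dataclass
class CachedSecrets:
    """Serve secrets from memory for `ttl` seconds before re-reading them.

    backend: "ssm" (Parameter Store) or "secretsmanager"
    client:  object exposing the boto3 method for that backend
    ttl:     keep it shorter than your rotation interval so a rotated
             credential is picked up, and call invalidate() on an auth
             failure to force an immediate refresh.
    """
    backend: str
    client: Any
    ttl: float = 300.0
    clock: Callable[[], float] = time.monotonic
    _cache: dict = field(default_factory=dict, init=False, repr=False)
    calls: int = 0  # real API calls made, to show the cache working

    def _fetch(self, name: str) -> str:
        self.calls += 1
        if self.backend == "ssm":
            # WithDecryption=True is required to read SecureString parameters
            resp = self.client.get_parameter(Name=name, WithDecryption=True)
            return resp["Parameter"]["Value"]
        if self.backend == "secretsmanager":
            resp = self.client.get_secret_value(SecretId=name)
            if "SecretString" in resp:
                return resp["SecretString"]
            # binary secrets arrive as already-decoded bytes
            return resp["SecretBinary"].decode("utf-8")
        raise ValueError(f"unknown backend {self.backend!r}")

    def get(self, name: str) -> str:
        now = self.clock()
        hit = self._cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]
        value = self._fetch(name)
        self._cache[name] = (value, now + self.ttl)
        return value

    def get_json(self, name: str) -> dict:
        """Secrets Manager convention: the secret is a JSON document (username, password, ...)."""
        return json.loads(self.get(name))

    def invalidate(self, name: Optional[str] = None) -> None:
        """Drop one cached entry (or all of them), e.g. after an authentication failure."""
        if name is None:
            self._cache.clear()
        else:
            self._cache.pop(name, None)


# --- constructed fakes standing in for boto3 clients so the demo runs offline ---
class FakeSSM:
    def __init__(self, params):
        self.params = params

    def get_parameter(self, Name, WithDecryption=False):
        return {"Parameter": {"Name": Name, "Type": "SecureString", "Value": self.params[Name]}}


class FakeSecretsManager:
    def __init__(self, secrets):
        self.secrets = secrets

    def get_secret_value(self, SecretId):
        return {"Name": SecretId, "SecretString": self.secrets[SecretId]}


def demo():
    """Read each backend 1000 times; with the cache that is one API call each,
    plus one more when the TTL expires.  Returns (ssm_calls, sm_calls, username)."""
    t = [0.0]
    clock = lambda: t[0]  # fake clock so the TTL expiry is deterministic
    ssm = CachedSecrets("ssm", FakeSSM({"/prod/db/password": "p4ss"}), ttl=300, clock=clock)
    sm = CachedSecrets(
        "secretsmanager",
        FakeSecretsManager({"prod/db": json.dumps({"username": "app", "password": "p4ss"})}),
        ttl=300, clock=clock,
    )
    for _ in range(1000):
        ssm.get("/prod/db/password")
        sm.get_json("prod/db")
    t[0] = 301.0  # past the TTL: the next read re-fetches exactly once
    creds = sm.get_json("prod/db")
    return ssm.calls, sm.calls, creds["username"]


if __name__ == "__main__":
    print(demo())
```

The trade-off to keep in mind is freshness: a long TTL saves calls but means a rotated password is served stale until it expires, so pair the cache with `invalidate()` in the code path that handles an authentication error.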

Open Source Security Validation Plug-in [Cool!]

WhiteSource’s New Selection Tool Helps Developers Choose Better Open Source Components

OS X and iOS Unauthorized Cross Application Resource Access (XARA)

This is about rogue apps that pre-create the environment (the placeholder for a shared resource, such as a keychain item) that a widely used app will expect to find once it is launched. Because the rogue app created the placeholder, it keeps access to it, and can later hook into the resource and read what the legitimate app stores there, without any authorization from the user or from that app.

The OS X and iOS sandbox can’t yet block this, since the rogue app only ever touches a resource it legitimately created itself.

This becomes very unsettling when you consider that your iOS and OS X keychain password store can be exposed this way as well…
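To make the ordering problem concrete, here is an added example (mine, not from the SANS diary or the XARA research) that models the keychain pre-creation trick on a deliberately simplified toy keychain: items are keyed by (service, account), whoever creates an item fixes its access list, and a later write by another app that finds the item already present updates the value but not the access list. Real keychain ACLs are richer than this, and the app and service names (`rogue`, `victim`, `com.example.mailclient`, `alice`) are constructed. `naive_save` is the "find or create, then write" pattern that gets exploited; `hardened_save` is the developer-side check that refuses to store a secret into an item the app did not create alone.

```python
"""Added example: toy model of a pre-created keychain placeholder being read
back by the app that planted it, and the check that defeats it.

Not from the linked diary or the XARA paper; simplified keychain semantics.
"""
from dataclasses import dataclass


@dataclass
class Item:
    value: str
    creator: str
    acl: set  # app identifiers allowed to read or update this item


class Keychain:
    """Items keyed by (service, account); the access list is fixed at creation."""

    def __init__(self):
        self.items = {}

    def exists(self, service, account):
        return (service, account) in self.items

    def create(self, app, service, account, value, acl=()):
        key = (service, account)
        if key in self.items:
            raise KeyError("item already exists")
        # the creator decides who else may access the item
        self.items[key] = Item(value, app, set(acl) | {app})

    def acl(self, service, account):
        return set(self.items[(service, account)].acl)

    def _check(self, app, service, account):
        item = self.items[(service, account)]
        if app not in item.acl:
            raise PermissionError(f"{app} is not in the ACL of {service}/{account}")
        return item

    def update(self, app, service, account, value):
        # an update keeps the original ACL: this is what the attack relies on
        self._check(app, service, account).value = value

    def read(self, app, service, account):
        return self._check(app, service, account).value


def naive_save(kc, app, service, account, secret):
    """'Find or create, then write': writes into whatever item is already there."""
    if kc.exists(service, account):
        kc.update(app, service, account, secret)
    else:
        kc.create(app, service, account, secret)


def hardened_save(kc, app, service, account, secret):
    """Treat a pre-existing item with anyone else in its ACL as planted and refuse to use it."""
    if kc.exists(service, account):
        if kc.acl(service, account) != {app}:
            raise RuntimeError("keychain item pre-exists with a foreign ACL; not storing secret")
        kc.update(app, service, account, secret)
    else:
        kc.create(app, service, account, secret)


SERVICE, ACCOUNT = "com.example.mailclient", "alice"  # constructed identifiers


def scenario(save, rogue_first=True):
    """Run the ordering described in the post and report what the rogue app ends up with."""
    kc = Keychain()
    if rogue_first:
        # 1. rogue app runs first and plants the placeholder, listing the victim
        #    in the ACL so the victim's later write succeeds without complaint
        kc.create("rogue", SERVICE, ACCOUNT, "", acl={"victim"})
    # 2. victim app stores the real password
    try:
        save(kc, "victim", SERVICE, ACCOUNT, "hunter2")
    except RuntimeError:
        return "refused"
    # 3. rogue app reads back the item it created
    try:
        return kc.read("rogue", SERVICE, ACCOUNT)
    except PermissionError:
        return "denied"


if __name__ == "__main__":
    print("naive:   ", scenario(naive_save))
    print("hardened:", scenario(hardened_save))
```

The lesson for app developers is the check in `hardened_save`: before writing a credential into a keychain item that already exists, inspect who can access it, and treat any unexpected entry (or an item your app never created) as a sign of tampering rather than silently updating it.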

Read more on how this works and how to mitigate the risk. Basically avoid installing apps from

https://isc.sans.edu/diary/OS+X+and+iOS+Unauthorized+Cross+Application+Resource+Access+%28XARA%29/19815