Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Great Git security story and suggested workarounds

People wonder why Microsoft keeps their repository secured with armed guards and whatnot...

http://mikegerwitz.com/docs/git-horror-story.html

"...You quickly check the history. git log --patch 3bc42b. “Added missing docblocks for X, Y and Z.” You form a puzzled expression, raising your hands from the keyboard slightly before tapping the space bar a few times with few expectations. Sure enough, in with a few minor docblock changes, there was one very inconspicuous line change that added the back door to the authentication system. The commit message is fairly clear and does not raise any red flags — why would you check it? Furthermore, the author of the commit was indeed you! Thoughts race through your mind. How could this have happened? That commit has your name, but you do not recall ever having made those changes. Furthermore, you would have never made that line change; it simply does not make sense. Did your colleague frame you by committing as you? Was your colleague’s system compromised? Was your host compromised? It couldn’t have been your local repository; that commit was clearly part of the merge and did not exist in your local repository until your pull on that morning two months ago. Regardless of what happened, one thing is horrifically clear: right now, you are the one being blamed...."
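Signature checking is the workaround the linked article suggests; the script below is an added example (not the blog's or the article's code) that audits a git history for commits whose signature does not vouch for the claimed author, so that an unsigned commit carrying your name, or one signed with someone else's key, is flagged instead of silently trusted. It assumes git on PATH for the live check and the unit-separator log format named in its comments; the sample log, e-mail addresses and key fingerprints are constructed placeholders.

```python
# Added example (not from the post or the linked article): audit git history for
# commits whose signature does not vouch for the author they claim.
# Assumed input: git log --format='%H%x1f%G?%x1f%GF%x1f%an%x1f%ae' <range>
import subprocess
from collections import namedtuple

SEP = "\x1f"  # ASCII unit separator, written as %x1f in the git format string
# git's %G? signature-status codes (see git-log(1), "PRETTY FORMATS")
SIG_STATUS = {"G": "good signature", "B": "bad signature", "N": "no signature",
              "U": "good, key of unknown validity", "X": "good, but expired",
              "Y": "good, key expired", "R": "good, key revoked", "E": "cannot be checked"}
Commit = namedtuple("Commit", "sha status fingerprint author_name author_email")


def git_log(rev_range: str, repo: str = ".") -> str:
    """Log text in the expected format from a real repository (needs git on PATH)."""
    fmt = "%x1f".join(["%H", "%G?", "%GF", "%an", "%ae"])
    return subprocess.check_output(
        ["git", "-C", repo, "log", f"--format={fmt}", rev_range], text=True)


def parse_log(text: str) -> list:
    rows = [line.split(SEP) for line in text.splitlines() if line]
    if any(len(r) != 5 for r in rows):
        raise ValueError("malformed log line; check the --format string")
    return [Commit(*r) for r in rows]  # fingerprint (%GF) is empty when unsigned


def audit(commits: list, key_owners: dict) -> list:
    """Return (sha, reason) for each commit that must not be trusted. key_owners maps
    a trusted key fingerprint to the author e-mail it vouches for: a good signature
    from some *other* trusted key over your name is still a forgery of authorship."""
    flagged = []
    for c in commits:
        if c.status != "G":
            flagged.append((c.sha, SIG_STATUS.get(c.status, "unknown status")))
        elif c.fingerprint not in key_owners:
            flagged.append((c.sha, "good signature, but key not in allowlist"))
        elif key_owners[c.fingerprint] != c.author_email:
            flagged.append((c.sha, f"signed by {key_owners[c.fingerprint]}'s key, "
                                   f"but author claims {c.author_email}"))
    return flagged


# Constructed sample: an unsigned commit carrying your name (the story's case) and
# one signed by a colleague's key yet attributed to you, after one genuine commit.
KEY_YOU, KEY_COLLEAGUE = "A" * 40, "B" * 40  # placeholder fingerprints
SAMPLE_LOG = "\n".join(SEP.join(r) for r in [
    ("f00d01", "G", KEY_YOU, "You", "you@example.com"),
    ("3bc42b", "N", "", "You", "you@example.com"),
    ("beef02", "G", KEY_COLLEAGUE, "You", "you@example.com")])


def audit_sample() -> list:
    return audit(parse_log(SAMPLE_LOG),
                 {KEY_YOU: "you@example.com", KEY_COLLEAGUE: "colleague@example.com"})
```

Run the same audit over a live range with `audit(parse_log(git_log("origin/main..HEAD")), key_owners)` before merging; anything it returns is a commit whose authorship rests on nothing but the name field.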
