Big-name companies' source code leaked, according to news reports
Several big-name companies haven’t been putting enough protection around some of their source code, according to news reports.
According to Bleeping Computer, a security researcher named Tillie Kottmann assembled a GitLab repository of source code from dozens of companies, including Microsoft, Adobe, Lenovo, AMD, Qualcomm, Motorola, HiSilicon (owned by Huawei), MediaTek, GE Appliances, Nintendo, Roblox, Disney and Johnson Controls, exposed because of misconfigurations in their infrastructure.
Kottmann told the news site that some companies are contacted before the code is posted, and that source code is removed from the repository on request. Furthermore, because some of the code originally included hardcoded credentials, these were removed where possible before the code was posted to the repository, to avoid security issues.
Bleeping Computer said it is unclear how much of the code held on Kottmann's server should be kept private. After looking at some of the code, it believes that some projects had been made public by their original developers, while others are outdated and have not been updated in a while.
This is not the first time corporate source code has been found without adequate security. In January a Canadian security developer and researcher found two open GitHub accounts with application source code, internal usernames and passwords, and Rogers Communications' private keys. Rogers said the code was obsolete. Last year the same researcher found source code related to Scotiabank on GitHub.
"From a technical standpoint, these leaks are not dramatic," Ilya Kolochenko, founder and CEO of web security company ImmuniWeb, said in an email. "Unless you have other pieces of technology, most of the source code is useless, and the important thing is to get complex systems to work properly. In addition, the source code rapidly depreciates without daily support and improvement. Thus, unscrupulous competitors are unlikely to receive much value, unless they are demanding very specific software. In addition, the illegal use of source code can prove to be quite easy and trigger several million lawsuits."
But, he said, researchers posting the code could be prosecuted for a variety of reasons, including copyright infringement, conspiracy and computer crime laws. Larger companies are unlikely to go to court, he said, preferring to quickly remove source code from the repository and resume their internal DevOps security processes.
To prevent loss of source code, organizations should modify and continuously monitor their DevOps operations, converting them to agile DevSecOps, he said.