Sound Security Podcast

Episode 26 - Too BLESSed to be Stressed



Discussed Articles
1) How Netflix Gives All Its Engineers SSH Access To Instances Running In Production
One of the ways Netflix enables engineering velocity is with a culture of 'freedom and responsibility' that empowers individuals with the freedom to do what is needed to get the job done. As a result, the security teams at Netflix focus on reducing developer friction, making it hard to do the wrong thing, and then rely on auditing, automated analysis, and alerting to keep things safe. Russell Lewis reviews a few approaches used in the industry to secure SSH bastions (aka jumpboxes) and evaluates them through the lens of Netflix’s security culture.
* https://speakerdeck.com/rlewis/how-netflix-gives-all-its-engineers-ssh-access-to-instances-running-in-production
* https://github.com/netflix/bless
2) Chrome Defaults To HTML5 Over Adobe Flash Starting in Q4
In which we discuss Google's continued efforts to kill off Flash, and how long Google will continue to be a chaotic force for good on the Internet.
* https://threatpost.com/chrome-defaults-to-html5-over-adobe-flash-starting-in-q4/118109/
3) Clearing up Some Misconceptions Around the 'ImageTragick' Bug
A discussion of the underlying issues that led to the impact of the ImageMagick vulnerabilities, and whether relying on third-party modules for basic functionality is always the right choice.
* https://lcamtuf.blogspot.nl/2016/05/clearing-up-some-misconceptions-around.html
* https://github.com/oneuijs/You-Dont-Need-jQuery
* http://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/
* https://github.com/rubysec/bundler-audit
* https://jenssegers.com/63/automatically-check-your-composer-file-for-security-vulnerabilities
* https://github.com/OSSIndex/DevAudit
4) Honorable Mention: 'Demonically Clever' Backdoor Hides In a Tiny Slice of a Computer Chip
* https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/
* https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

Sound Security Podcast, by Sound Security