Github   155655

« earlier    

Man gets threats—not bug bounty—after finding DJI customer data in public view | Ars Technica
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback—including a threat of charges under the Computer Fraud and Abuse Act (CFAA). DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."
dji  cybersecurity  amazon  bugbounty  pki  github 
yesterday by bwiese
https://github.com/berlam/github-bucket
Deploy public or private GitHub repositories automatically to S3 buckets using Git and deploy keys.
deployment  s3  github 
yesterday by john_oshea
Fast path finding library ngraph.path
Check out this super fast path finding library on ! Perfect for a map 🎮
GitHub  game  Dev  from twitter_favs
yesterday by codepo8
Twitter
Check out this super fast path finding library on ! Perfect for a map 🎮
GitHub  game  Dev  from twitter_favs
yesterday by codepo8
BurntSushi/ripgrep: ripgrep combines the usability of The Silver Searcher with the raw speed of grep.
ripgrep is a line-oriented search tool that recursively searches your current directory for a regex pattern while respecting your gitignore rules. To a first approximation, ripgrep combines the usability of The Silver Searcher (similar to ack) with the raw speed of GNU grep. ripgrep has first class support on Windows, macOS and Linux, with binary downloads available for every release.
macosx  linux  windows  grep  textprocessing  tool  github  license.mit  opensource  cli  performance  rust 
yesterday by ezequiel

« earlier    

related tags

3ds  a11y  accessibility  adafruit  aggregator  amazon  article  autolayout  automation  bestpractices  boilerplate  bugbounty  checklist  chef  chrome  cli  cocoa  code  coding  commandline  container  cordova  css  cv  cybersecurity  deployment  design  dev  develop  developer  development  devops  diff  discussion  diy  dji  docker  documentation  duplicate  education  engineering  ethereum  favorite  feed  framework  from:ifttt  ftp  funding  game  geek  generalization  generate  generator  geo  geojson  gis  gist  git  github  googledocs  grep  homebrew  html  ifttt  important  ingress  ingresscontroller  ios  javascript  js  kubernetes  lang:en  learn  library  license.mit  linux  logging  logs  machine  machine_learning  macosx  makecode  management  manager  mapping  maps  markdown  microsoft  mock  monitoring  needs-tags  nginx  node  nodejs  observable  opensource  pandoc  pdf  performance  pipelines  pki  plugin  plugins  processing  producthunt  productivity  programming  project  publishing  push-notification  python  readme  reference  repo  repos  reproducible  research  resource  rmarkdown  rss  rust  s3  scripting  search  security  selenium  service  serviceworker  sftp  shapefile  shorteners  simplify  software  spaces  ssh  starred  stars  study  swift  sysadmin  tabs  task  tech  testing  textprocessing  tool  tools  tutorial  unit-testing  universal  url  utility  vim  vue.js  warelogging  web  webapp  webfonts  wifi  windows  writing 

Copy this bookmark:



description:


tags: