twitter facebook github google-plus xing linkedin instagram

MoR: IT-Security - Data Breaches and Package Manager

MoR: IT-Security - Data Breaches and Package Manager

Each last Thursday of the month, Münster’s developers and tech enthusiasts come together for Monster on Rails (MoR). MoR is an ongoing community event, hosted at the zweitag office. Last Thursday it was time for another MoR event, this time with two talks covering the topic „IT-Security“. A particularly hot topic, due to intelligence agencies like the NSA collecting a ton of data, and large companies in fear of possible data thefts.

First on stage was Jan, starting with an introduction into IT-Security and how and why developers should care. He pointed out that IT-Security has to be implemented at many levels, as it takes more than a secure password to protect a system well. Showing us why you should enable Perfect Forward Secrecy and use Transport Layer Security all-over your users connections. He also gave advice about secure emailing with PGP and S/MIME. In addition, he explained how harmful the Sony data breach has been for the company—shockingly harmful. Bottom line Jan told us to use encryption over all levels: connections, storages, etc.

Our second session, held by Johannes, addressed the Security of Package Managers. Even though package managers are our friends and facilitate to our workflows tremendously their use can harm us. Johannes brought the audience to think about their habits—are they secure enough? With the question of whether or not everyone knows: How are the utilized open source packages implemented? In addition he showed, hands on, how easily it is to implement hidden malicious source code into pre and post hooks of common package installers like NPM,RubyGems or pip. Furthermore Johannes told witty anecdotes about big security breaches from all sorts of companies. Last but not least he introduced us to RubberDuckyUSB. A security-awareness-thingy showing us how easy it is to break into someone’s system while having physical access to it.

We’re looking forward to our next meeting on 2014-04-24. Upcoming Monster on Rails in April we’ll be talking about Docker and mobile app development with Phonegap.

You are looking for the right partner for successful projects?
We'd love to help – let's get in touch!
Contact us