Source code leak: Code leaked from public repositories of large companies

[ad_1]

The Swiss Android developer Till Kottmann has discovered a number of data leaks that unintentionally disclose access to source code through his own research into incorrectly configured DevOps tools – including SonarQube server, for example – as well as various other sources. The vulnerabilities affected around 50 companies from a wide range of industries, such as finance, technology, retail, manufacturing and eCommerce. According to Bank Security researchers, the data leaks are found not only at some banks and providers of identity and access management, but also well-known companies such as Microsoft, Lenovo, Nintendo, AMD, Motorola, Disney and the Huawei subsidiary Hisilicon.

Detect data leaks, close data leaks

Kottmann has collected the leaked code of around 50 companies, which can obviously be classified as “Confidential & Proprietary”, in a publicly accessible GitLab repository. It is still unclear to which parts the disclosed code of affected companies is proprietary. Sometimes the code also contains hard-coded access data – the companies concerned were not always contacted in advance, as the Swiss admitted to the online portal Bleeping Computer on request, but he strives to “minimize the negative impact of the publication”.

Apparently Kottmann offers affected companies as a service to close the leaks. So far, however, not all of those contacted by him have decided to seal the leaks. In addition, however, some of the developers behind the source codes published in Kottmann’s GitLab repository have now informed about the data leaks.

According to Kottmann, one of the most common reasons for data leaks is a poorly or even incorrectly configured infrastructure. In particular, DevOps tools such as the open source platform SonarQube, whose services for automated debugging and static code analysis are used by many developers to identify vulnerabilities, could themselves be the cause of a data leak. If the installation is not configured securely, it can also make proprietary code accessible, explains Kottmann.

The developer reports on his website, on a Telegram channel and on Twitter under his pseudonym deletescape regularly about leaks. Among other things, he also explained a major leak at Nintendo called Gigaleak, which made the source code and development repositories of some classic games accessible.


(sih)

To home page

[ad_2]

Share:

Facebook
Twitter
Pinterest
LinkedIn

Leave a Reply

Related Posts

Can You Snort Marijuana

Can You Snort Marijuana Simply put, snorting marijuana is not a smart or safe way to use it. Most people smoke, vape, or eat edibles

Can Marijuana Cause Diarrhea

Can Marijuana Cause Diarrhea Simply put, using marijuana can sometimes cause stomach problems like diarrhea, but it’s not completely clear if one directly causes the

Drying Marijuana in Paper Bags

Drying Marijuana in Paper Bags Key Takeaways Discover why using paper bags is advantageous for drying marijuana Learn essential steps and expert techniques for efficiently

Can You Vacuum Seal Marijuana

Can You Vacuum Seal Marijuana You can totally vacuum seal your weed, no problem. Vacuum sealing helps keep your stash fresh and potent by getting

Need help? Want to talk?
Simply reach out through out contact page

Weed and gaming…
It’s what we do, and it’s what we talk about.

News

  • Marijuana developments
  • CBD + Health
  • Gaming news
  • MODs and hacks

About us

Location

1931 Red Maple Drive
Los Angeles,
CA 90017

Contact No: 973-787-7847

hello@marijuanapy.com