Tech

Travis CI flaw exposed secrets of thousands of open source projects

Posted on Author admin Comments Off on Travis CI flaw exposed secrets of thousands of open source projects
Travis CI flaw exposed secrets of thousands of open source projects

Enlarge (credit: Getty Images)

A security flaw in Travis CI potentially exposed secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. However, a vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated.

Worse, the dev community is upset about the poor handling of the vulnerability disclosure process and a thinly worded “security bulletin” it had to force out of Travis.

Environment variables injected into PR builds

Travis CI is a popular choice of software-testing tool among developers due to its seamless integration with GitHub and Bitbucket. As the makers of the tool explain:

Read 16 remaining paragraphs | Comments

Related Articles
Tech

Recent Ebola outbreak emerged from someone infected 5 years earlier

Posted on Author admin

Enlarge / Health care workers don protective equipment before working with Ebola patients. (credit: Bloomberg / Getty Images) A large international research group released a paper today suggesting that Ebola viruses can emerge from five years of dormancy to start off a new outbreak of infections. While this isn’t the first instance in which Ebola re-emerged […]
Tech

Apple turns post-lawsuit tables on Epic, will block Fortnite on iOS

Posted on Author admin

Enlarge / A Fortnite loading screen displayed on an iPhone in 2018, when Apple and Epic weren’t at each other’s legal throats. (credit: Andrew Harrer | Bloomberg | Getty Images) Weeks after Epic’s apparent “win” against Apple in the Epic Games v. Apple case, Apple issued a letter denying Epic’s request to have its developer […]
Tech

FBI sold phones to organized crime and read 27 million “encrypted” messages

Posted on Author admin

Enlarge / A digital Trojan horse. (credit: Getty Images | posteriori) The Federal Bureau of Investigation created a company that sold encrypted devices to hundreds of organized crime syndicates, resulting in 800 arrests in 16 countries, law-enforcement authorities announced today. The FBI and agencies in other countries intercepted 27 million messages over 18 months before […]