Author: Dwayne McDaniel

You probably are here because you leaked a secret somewhere and want to get straight to rotating the secret. If you are a solo developer or you know for sure you are the only user of the secret and understand what rotating the secret might disrupt, start here: Rotate the secret and store the new credential safely.

If you work in a team and are not sure who uses this secret, what it gives access to, or what outages might occur from rotating it, then please read on.

If you have ever heard of Wilmington, North Carolina, it might be because the WW2 battleship North Carolina is moored there, or that it is a historically significant shipping town, or because of its role in the US-British Revolutionary War. But starting in 2023, it is also known as the East Coast home for the Techno Security and Digital Forensics Conference, which was previously held in Myrtle Beach. 2023 also marked the 23rd year of the conference and community, this year bringing together just over 1,000 total participants.

Many of the sessions were directed at law enforcement officers, leaning into the digital forensics side of the conference, and a lot of the attendees worked with various government agencies. There were also plenty of sessions for the general security community as well. Here are just a few of the highlights from this enlightening cybersecurity event.

Austin, Texas, is a city filled with music, vibrant nightlife, and some legendary BBQ. It is also one of the great tech hubs of the southern United States, home to a wide variety of tech innovators like Indeed, SolarWinds, and Amazon's Whole Foods. It is simultaneously home to one of the largest tech events in the world, SXSW, as well as many smaller tech events, including BSides Austin 2023.

Like other BSides, Austin had informative sessions, a number of training opportunities, and several villages, including capture the flag, lockpicking, and more. Here are just a few of the highlights from this year's excellent event.

Secrets leakage is a growing problem affecting companies of all sizes, including GitHub. They recently made an announcement on their blog regarding an SSH private key exposure:

[Last week, GitHub] discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.

The company reassured the public explaining that the key was only used to secure "Git operations over SSH using RSA," meaning that no internal systems, customer data, or secure TLS connections were at risk. They reacted immediately by detecting the incident and changing the key:

The Javits Center in NYC opened its doors to hundreds of security experts from all around the world on November 15th and 16th, 2022. Over those two info-packed days, attendees participated in panels and presentations and shared their knowledge about enterprise security. Here are just some of the highlights from CyberTech NYC 2022

The Larger the Organization, the More Turtles to Corral

Early in the conference, CyberTech Co-Founder Amir Rapaport shared a very good analogy for how large enterprises have transformed, corralling turtles.

Turtles move slowly, akin to how fast we adopt new tech or modify existing systems. If you only have a few turtles, keeping up with them and making sure they are safe is pretty straightforward. But when you add more and more turtles, it becomes increasingly difficult to manage them. When you get to hundreds or thousands of turtles, or IT services, manually chasing them and keeping them safe becomes overwhelming.

Unfortunately, there is no silver bullet to this problem of herding turtles; it just takes staying vigilant and aware of newly emerging threats. This introductory session set the tone of the event, and his message of staying on top of new trends was echoed throughout the rest of CyberTech.

Most developers love working in the terminal, tying together all sorts of tools with command line interfaces, CLIs, via scripting. Working with CLIs is powerful, but it can be challenging to initially learn all the ways a tool can help you do your work. While the only real way to learn any tool is by using it, one time-tested method to get over the learning curve is to keep a short list of common commands, as well as concept recaps, on hand for using the tools.

At the same time, it is pretty common to adopt a tool for one or two specific functions, without investigating what other commands a tool offers. For example, just think about how many Git commands you use regularly out of the 164 currently available commands. Getting a holistic view of how a command line tool is structured and the possible commands can help you make better use of the platform.