Backstop Weekly Roundup - 2018-10-17

Hello Backstoppers!

Welcome to this week’s issue of our weekly roundup! It covers product updates, security news, and important-to-know information in one easy-to-digest email.

On the product side, we’ve been working hard on a number of infrastructure updates.

  • A few of you asked to port scan and get uptime for thousands of IPs. We now support that, though you’ll need to use the API to add them. We’re still planning a dashboard rev to better handle large amounts.

  • We now (optionally) send a daily reminder email to those G Suite users who don’t have 2-factor authentication turned on. You can turn this on in your Google Authentication check settings.
    • If you want a specific email template to be used for this (instead of our default), contact us and we’ll set that up.
  • We’re also revving our email templates and Slack messages so that you get better notifications with larger numbers of hosts. These changes are already rolling out.

  • We’re in the process of adding a minimum number of failed checks before alerting as well (another customer request)!

  • We’ll be publishing a glossary page to help clarify a bunch of devops and security terms that are always thrown around without any explanation.

In security news:

  • GitHub released two huge security tools
    • They’ve expanded their code CVE checker to support Java and .NET. You can enable it in the settings tab for any given repo.
      • If you’re interested in failing your build if a CVE is found in a dependency, let us know. We’ve been thinking about building this tool, but we’d love to hear from you.
    • GitHub also pushed their secret/token scanning to public beta. It only scans public repos, but it’s bad practice to have those secrets in code even in private repos. We have an alpha tool that will scan your private repos. Contact us if that’s helpful!
  • Many federal agencies missed their deadline for enabling DMARC. It’s not hard to do (especially on G Suite), but it does take some setup. You also want to set up DKIM. G Suite instructions are here, and you can use MX Toolbox to verify.

  • We’ve also been testing Google’s Titan Security Keys. No showstoppers so far, though the NFC setup could be better. We’ll have a larger write-up on the process/experience after we’ve had more time with the system.

  • The Apollo data breach hit hard. We’ve seen customers with over 1/3 of their users’ credentials in the breach. Change those passwords!
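
On the DMARC item above: once a record is published, it is worth checking that it actually enforces something. The Python sketch below is an added example, not Backstop code. It assesses the text of a `_dmarc` TXT record offline; the sample records and the function names are constructed for illustration.

```python
import re

# Constructed sample TXT records for _dmarc.<domain>; not from any real domain.
SAMPLES = {
    "enforcing": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s",
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25",
    "broken": "p=reject; v=DMARC1",
}


def parse_tags(txt):
    """Split a DMARC record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt):
    """Return (status, findings); pass None or "" when no record exists."""
    if not txt:
        return "missing", ["no DMARC record published"]
    # RFC 7489: the v tag must come first and be exactly DMARC1.
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", txt):
        return "invalid", ["record does not start with v=DMARC1"]
    tags = parse_tags(txt)
    policy = tags.get("p", "").lower()
    # A missing or unknown p= is treated as invalid in this example.
    if policy not in ("none", "quarantine", "reject"):
        return "invalid", ["missing or unknown p= policy"]
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        return "invalid", ["pct must be an integer from 0 to 100"]
    findings, weak = [], False
    if policy == "none":
        weak = True
        findings.append("p=none only monitors; failing mail is still delivered")
    elif int(pct) < 100:
        weak = True
        findings.append(f"policy applies to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports arrive")
    return ("weak" if weak else "enforcing"), findings


if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, assess_dmarc(record))
```

A record that exists but says `p=none` shows up as published in most checkers, so the "weak" result is the one to watch for.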

That’s all for now, we’ll see you next week!