Plaintext passwords in internal logs at Twitter and Github

Two very related items this week:

  • Github notified a small subset of users that their passwords were visible in internal logs: link
  • Twitter asks for a password reset after discovering a similar issue: link
Dieter Van der Stock

Gsuite security - personal project

This is a personal one. I'm building a product that gives you a security rundown of your gsuite account, with items like:

  • accounts without 2fa enabled
  • recently failed or suspicious logins
  • publicly readable groups and documents
  • recent oauth approvals

You run it to make sure everything is peachy inside your organisation, and to see where there's work left to be done.

It will probably be self-hosted, so only you have access to your data. Although I'm eager for your feedback on that. If you're interested, let me know right here.

Dieter Van der Stock