This event is in collaboration with The Yorkshire Cyber Security Cluster.
SPEAKER
Ben Sloan, Lead Engineer in the UK Civil Service, helping the government to build interesting things at scale
AGENDA
17:30 - Light refreshments
18:30 - Talk starts
19:30 - Event ends
SYNOPSIS
Have you ever upgraded a NuGet package, then later found out that it almost led to the breach of millions of records of customer data? I have, and I’d like to tell you about it... Welcome to ‘The domino effect’.
This is an experience report / postmortem detailing how updating one of the most popular and common NuGet packages in the world (Newtonsoft.Json, probably in use in almost every .NET project everywhere) sparked a somewhat unpredictable chain of events which ultimately led to a customer database of millions of customers at a major e-commerce retailer becoming public, which could have been a major incident impacting people’s lives.
A thorough forensic investigation followed, and fortunately we were able to prove no data had been stolen or lost, but only just, by the skin of our teeth. This was the near-miss of all near-misses.
This talk looks at the ‘domino effect’ that happened from updating the package to data being left on a public and unprotected instance for almost two weeks.