Posts tagged with "security"

  • Example of Why You Always Vet Dependencies

    TL;DR Read your prospective dependency’s source. You might find evals for no reason. I normally read a good chunk, if not all, of the code of a dependency before I add it to my projects, except in the case of community standard things such as ActiveSupport or Sequel. Going over a prospective dependency today just

  • Meltdown Spectre JavaScript Exploit Example

    Proof of concept possible on every kernel running on Intel CPUs that don’t have mitigations in place. https://react-etc.net/page/meltdown-spectre-javascript-exploit-example

  • Ruby rest-client Gem Hijacked

    We stand on the shoulders of giants, but the giants don’t use two factor auth. https://github.com/rest-client/rest-client/issues/713

  • Updating your own game via exploit

    Quoted from Jonathan Garrett, Insomniac Games: Ratchet and Clank: Up Your Arsenal was an online title that shipped without the ability to patch either code or data. Which was unfortunate. The game downloads and displays an End User License Agreement each time it’s launched. This is an ASCII string stored in a static buffer. This buffer

  • Perceived Security, Trust, and the Ken Thompson Hack

    Correction: In the talk I mentioned that Chrome has its own root CA store, which is only partly true. On macOS and Windows, Chrome uses a blacklist with the underlying OS providing the root CA store. On Linux it uses NSS, which is sometimes the “system” one, but sometimes not. Root Certificate Policy Chromium Links in

  • Ken Thompson Hack

    Every few months/years I remember this happened and it scares the hell out of me. http://wiki.c2.com/?TheKenThompsonHack

  • Crooks install skimmer on POS in 2 seconds

    Wow. I knew skimmers could be installed fast but this shows just how easy it is. https://boingboing.net/2018/07/09/crooks-install-skimmer-on-poin.html