Posts tagged with "security"

  • Example of Why You Always Vet Dependencies

    TL;DR Read your prospective dependency’s source. You might find evals for no reason. I normally read a good chunk if, not all of the code of a dependency before I add it to my projects except in the case of community standard things such as ActiveSupport or Sequel. Going over a prospective dependency today just

  • Meltdown Spectre JavaScript Exploit Example

    Proof of concept possible on every kernel running on intel CPUs that don’t have mitigations in place.

  • Ruby rest-client Gem Hijacked

    We stand on the shoulders of giants, but the giants don’t use two factor auth.

  • Updating your own game via exploit

    Quoted from Jonathan Garrett, Insomniac Games Ratchet and Clank: Up Your Arsenal was an online title that shipped without the ability to patch either code or data. Which was unfortunate. The game downloads and displays an End User License Agreement each time it’s launched. This is an ascii string stored in a static buffer. This buffer

  • Perceived Security, Trust, and the Ken Thompson Hack

    Correction: In the talk I mentioned Chrome has its own root ca store, which is only partly true. On macOS and Windows Chrome uses a blacklist with the underlying OS providing the root CA store. On Linux it uses NSS, which is sometimes the “system” one, but sometimes not. Root Certificate Policy Chromium Links in

  • Ken Thompson Hack

    Every few months/years I remember this happened and it scares the hell out of me.

  • Crooks install skimmer on POS in 2 seconds

    Wow. I knew skimmers could be installed fast but this shows just how easy it is.