~lobsters | Bookmarks (161)
-
CHERIoT and the supply chain
Late last week we learned that much of the world narrowly avoided a backdoor in SSH,...
-
Putting an xz Backdoor Payload in a Valid RSA Key
Last week, a backdoor was discovered in xz-utils. The backdoor processes commands sent using RSA public...
-
Kobold letters – Lutra Security
Anyone who has had to deal with HTML emails on a technical level has probably reached...
-
Attacker Techniques: Gesture Jacking
A few years back, I wrote a short explainer about User Gestures, a web platform concept...
-
False security: Dashy's client-side authentication
Update 3/28: The devs have announced that the auth system is to be deprecated. See details...
-
Introducing Ruzzy, a coverage-guided Ruby fuzzer
By Matt Schwager. Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure...
-
Flatpak Permission Survey | Eric Anderson
When working through yesterday’s post, half-way through I found the 2020 flatkill.org post and the TheEvilSkeleton...
-
How secure are passwords stored in Chrome or Firefox? | Lobsters
(I thought I’d ask here rather than stackoverflow or reddit because I trust people here more,...
-
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited...
-
Arch Linux minimal container userland 100% reproducible - now what? - Arch-dev-public - lists.archlinux.org
hello, in last week's email to the reproducible-builds email list[1] about reproducible Arch Linux I mentioned...