Application Security This Week for August 12

Interesting idea - introducing bugs to make software more difficult to attackers to navigate.  Seems risky to me; I would rather see self-reporting software.

https://arxiv.org/pdf/1808.00659.pdf

 

Cloudflare has a really really good writeup on TLS 1.3.

https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

 

Questionably ethical hacker steals credentials from the Homebrew repo and makes a commit.

https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab

 

Viral tweet thread on the "voatz" software that WVa is planning on using for midterm elections. Vulnerabilityapalooza.

https://twitter.com/GossiTheDog/status/1026603800365330432

 

Portswigger posted a nice primer on cache poisoning.

https://portswigger.net/blog/practical-web-cache-poisoning

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList