‘Security’ Archive

Expat 2.2.2 released 2017-07-14

Includes security fixes; a short article about the release is up here: Expat 2.2.2 released (XML.com)

Expat 2.2.1 with security fixes has been released 2017-06-18

Expat 2.2.1 has been released. It’s a security release with a variety of security fixes, for instance: An infinite loop denial-of-service fix (that Rhodri James wrote more about), introduction of SipHash against sophisticated hash flooding, use of OS-specific high quality entropy providers like getrandom, integer overflow fixes, and more. We also got better code coverage, […]

Fwd: Issues with window.opener (HTML, not just JavaScript) 2017-06-11

About rel=noopener (mathiasbynens.github.io)

Disqus(ting) / Fwd: What’s Wrong with Disqus? 2017-05-08

What’s Wrong with Disqus? / Replacing Disqus with Github Comments (donw.io)

Fwd: Security (or lack of) at Number26 2017-01-09

Hi! I would like to share a talk that I attended at 33c3. It’s about a company with a banking license and accounts with actual money. Some people downplay these issues as “yeah, but the issues were fixed” and “every major bank probably has something like this”. I would like to reply: With a bit […]

Fwd: (German) Telefónica sells the movement data of its O2/E-Plus customers (blau.de too)

Telefónica is now selling the movement data of its O2/E-Plus customers http://winfuture.de/news,94116.html Opt out at: https://www.telefonica.de/dap/selbst-entscheiden.html

arc4random_uniform and avoiding modulo bias when using a random number generator 2016-07-30

Using the arc4random_uniform function is recommended over using arc4random: the former is advertised as not having “modulo bias” issues, see man arc4random. (So I got curious, searched the web a bit, found this blog post, this answer and this link to the source code of one version used by Apple’s. It took me a bit to […]

Disable Komodo IDE debugger (bound to 0.0.0.0, run by default) 2016-03-14

Komodo IDE starts a debugger bound to 0.0.0.0 by default. Maker ActiveState’s reaction was rather irritating to me at the time when I asked for an option to bind to 127.0.0.1 instead (update: page offline by now). I can no longer add links to that post, but I can link to my demo Komodo IDE […]

Fwd: The Case of the Modified Binaries / Downloading binaries through plain http:// 2015-08-24

It seems I forgot to forward this when it blew my mind the first time. If you still need a reason to not download binaries from http:// URLs, this is it: The Case of the Modified Binaries http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/ While SourceForge is another story, they are an example of a website offering binaries through plain http://, […]

Fwd: One in every 600 websites has .git exposed 2015-07-27

One in every 600 websites has .git exposed http://www.jamiembrown.com/blog/one-in-every-600-websites-has-git-exposed/