Collaborate Disseminate
There seems to be a new trend in malware, targeting developers and their development and build processes. The appeal is obvious: rather than working to build and market a malicious …read more Continue reading This Week in Security: XcodeSpy, Insecure SMS, and Partial Redactions
Last month, large parts of the southern United States experienced their coldest temperatures since the 1899 Blizzard. Some of us set new all-time lows, and I was right in the …read more Continue reading Ask Hackaday: How Do You Prepare?
Google has been working on mitigations for the Spectre attack, and has made available a Proof of Concept that you can run in your browser right now. Spectre is one …read more Continue reading This Week in Security: Spectre in the Browser, Be Careful What you Clone, and Hackintosh
Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two seperate BSOD inducing issues led to Microsoft temporarily pulling the update.
Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the …read more
Project Zero just unrestricted the details on CVE-2021-24093, a potentially nasty vulnerability in Windows 10’s DirectWrite, a text rendering library. The flaw got fixed in this month’s patch Tuesday roundup. The flaw is accessible in all the major browsers on …read more
Continue reading This Week in Security: Text Rendering on Windows, GNU Poke, and Bitsquatting
There’s a new malware strain targeting MacOS, Silver Sparrow, and it’s unusual for a couple reasons. First, it’s one of the few pieces of malware that targets the new M1 ARM64 processors. Just a reminder, that is Apple’s new in-house …read more
Let’s talk TCP. Specifically, how do the different TCP connections stay distinct, and how is a third party kept from interrupting a connection? One of the mechanisms that help accomplish this feat is the TCP sequence number. Each of the …read more
Continue reading This Week in Security: ISNs, Patch Tuesday, and Clubhouse
Code obfuscation has been around for a long time. The obfuscated C contest first ran way back in 1984, but there are examples of natural language obfuscation from way earlier in history. Namely Cockney rhyming slang, like saying “Lady from …read more
Perl has been stolen. Well, perl.com, at least. The perl.com domain was transferred to a different registrar on January 27, without the permission of the rightful owner. The first to notice the hack seems to have been [xtaran], who raised …read more
Continue reading This Week in Security: Perl.com, The Great Suspender, And Google’s Solution
Obligatory XKCD
Sudo is super important Linux utility, as well as the source of endless jokes. What’s not a joke is CVE-2021-3156, a serious vulnerability around incorrect handling of escape characters. This bug was discovered by researchers at Qualys, and …read more
Continue reading This Week in Security: Sudo, Database Breaches, and Ransomware