miniblog.

← Back to all posts
Mar 4, 2014 at 15:18
Downloading software securely is nearly impossible: http://t.co/8bgFvzLU3u App stores and Linux package managers do a somewhat better job.

Related Posts

Jun 8, 2024 at 02:48
It is remarkably hard to escape command line arguments safely on Windows, and the standard libraries of multiple languages have needed patching:
BatBadBut: You can't securely execute commands on Windows
BatBadBut: You can't securely execute commands on Windows
Introduction Hello, I’m RyotaK ( @ryotkak ), a security engineer at Flatt Security Inc. Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditions were satisfied. Today, affected vendors published advisories of these vulnerabilities , so I’m documenting the details here to provide more information about the vulnerabilities and minimize the confusion regarding the high CVSS score. TL;DR The BatBadBut is a vulnerability that allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
Jun 26, 2019 at 22:00
If a user types hUNTER2 and your service corrects it to Hunter2, have you reduced security? How much will it help? This fun paper explores this Q, finding you can preserve security and fix 10% of logins: pASSWORD tYPOS and How to Correct Them Securely https://www.ieee-security.org/TC/SP2016/papers/0824a799.pdf
May 26, 2014 at 11:30
"both proving that mental poker is impossible, and then giving a protocol to do it securely"! http://t.co/yXBRLHY4Ox