Links about Security

This is going to be a collection of security-related links.

Programming

A Heartbleed in Rust…

TL;DR

Just because you’re using a type-safe language doesn’t mean you can’t leak plaintext. This applies to Rust (Tedbleed) as well as Java (JetLeak). However, type safety would reduce the impact of the vulnerability.

https://tonyarcieri.com/would-rust-have-prevented-heartbleed-another-look

How Heartbleed would look in Rust.

http://www.tedunangst.com/flak/post/heartbleed-in-rust

Tony Arcieri takes the time to dissect the issue and comes to the conclusion that Rust would have prevented Heartbleed.

Bash

https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

A PoC for why NOT to use curl $URL|bash. The server can alter the code it delivers based on whether your system is piping the download into something.

Hardware

Firmware

Part III https://www.youtube.com/watch?v=UqxRPLfrpfA&feature=youtu.be

A follow-up to the Thunderstrike attack: a presentation of a coreboot payload called Heads.

Project page: https://trmm.net/Heads_33c3

best regards Akendo