1 minutes reading
Links about Security
This is going to be a collection of security related Links.
Programming
A Hearthbleed in Rust…
TL;DR
Just because you’re using a type save language don’t mean you can’t leak plaintext. This applies to Rust (Tedbleed) as Java (JetLeak).However the type safeness would reduce the impact of the vulnerability.
https://tonyarcieri.com/would-rust-have-prevented-heartbleed-another-look
How Hearthbleed would be in Rust.
http://www.tedunangst.com/flak/post/heartbleed-in-rust
Tony Arcier takes the time to disect the issue and comes to the conclution that rust would have prevented heartbleed.
Bash
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
POC for NOT using curl $URL|bash
. This allow you alter the download code based on your system piping something.
Hardwar
Firmware
Part III https://www.youtube.com/watch?v=UqxRPLfrpfA&feature=youtu.be
Follow up in regards of ThunderStrike attack, as a presentation of coreboot payload call HEADs.
Project page: https://trmm.net/Heads_33c3
best regards Akendo