Bugout: Browser-to-browser networking built on WebTorrent

We found critical vulnerabilities in Hive Social

This article has also been published in German. Following the Twitter takeover, a number of services promising to be an alternative gained traction. One of those is “Hive Social”, which reached more than a million users in the last weeks. Of course, we were interested and took a look at Hive from a security standpoint. We […]
Meticulous (YC S21) Is Hiring #3 Founding Engineer in London
Hey HN, I’m Gabriel, founder of Meticulous. Our mission is to make the world’s code safe, performant and reliable. We’re starting with a tool to catch JavaScript regressions in web applications with zero-effort from developers. How it works: Insert a single line of JavaScript onto your site, and we record thousands of real user sessions. […]
FTX’s collapse was a crime, not an accident

FTX, like other crypto platforms and some conventional equity or commodity services, offered users “margin,” or loans, that they could use to make trades. However, these loans are generally collateralized – that is, users put up other funds or assets to back their borrowing. If the value of that collateral drops, or a margin trade […]
New details on commercial spyware vendor Variston

Stage 1: Remote code execution The infection chain starts with a client visiting the landing page URL defined in the configuration file. If the validation checks succeed, the landing page is served and 2 cookies are set: A cookie with name wp_blog and value 1 to detect and redirect recurring visitors. A “client identifier” cookie […]
Lastpass Security Incident

Update as of Wednesday, November 30, 2022 To All LastPass Customers, In keeping with our commitment to transparency, I wanted to inform you of a security incident that our team is currently investigating. We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate, GoTo. […]
Switching to AWS Graviton slashed our infrastructure bill

When we started our analytics company, we knew that closely monitoring and managing our infrastructure spending was going to be really important. The numbers started out small, but we’re now capturing, processing, and consuming a lot of data. On a recent search for new cost-saving opportunities, we came across a straightforward but substantial win, so […]
Google Details Tools of Commercial Spyware Vendor Variston

Google’s Threat Analysis Group has published details about a trio of newly discovered exploit frameworks that likely were used to exploit Chrome, Firefox, and Microsoft Defender vulnerabilities as zero days in the last few years. The TAG team became aware of the frameworks when someone submitted three separate bugs to Google’s Chrome bug reporting system. […]
pup: Parsing HTML at the Command Line

How much does Rust’s bounds checking cost?

Recently, a pair of critical vulnerabilities were reported in the OpenSSL project. Surprising absolutely nobody, the root cause of both vulnerabilities turned out to be a buffer overrun, which could be triggered by an attacker with a malicious payload to cause a crash and denial of service. Predictably, many Rust advocates (of which I am […]