Group items tagged

Learn how security is designed into Google's technical infrastructure. Google uses this infrastructure to build its internet services, including both consumer and enterprise services.

How secure are your Ruby projects? Scan Gemfile.lock for vulnerabilities, take action, and ship secure apps!

The first metric I was wondering about is the distribution of gems in Gemfiles. How many gems does a common Ruby developer use in their projects? The numbers are somewhat expected: the average number of gems per Gemfile is 113.08 with the standard deviation of 52.19.... The next question I had was how many of those gems contain at least one vulnerability? The numbers are staggering! 1,333 Gemfiles, or 66% of the total, are affected! I definitely didn't expect that two thirds of all projects would contain at least one publicly known vulnerability.

zajtra (v sobotu) sa vo Viedni chysta BSides - zaujimava security konferencia, tak ak nahodou nemate co robit, mozete ist zadarmo rozsirovat security obzory :) http://bsidesvienna.at/talks/

AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards.

jedna pekna prednaska z 2015 len pre pripomenutie, ze fingerprinty ani ine casti biometrie nie je vhodne pouzivat na autentifikaciu

Presne tak, ja som sa to este na skole u doc Jana Hudeca ucil. Ten vzdy srandoval ze ako presvedcit pouzivatelov, aby to neakceptovali je strasit ich moznostou odseknutia prstov. Len ked chce niekto nieco kupit tak to niekto vyroby a preda.

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

su tam fajn informacie, napriklad: "With one finger enrolled, the chance of a random match with someone else is 1 in 50,000. ". (to je FAR).

+ part 2 http://erenyagdiran.github.io/I-was-just-asked-to-crack-a-program-Part-2/ zaujimavy kratky clanok o crackovani neznameho programu.

zaujimava comicsans prezentacia o OpenSSL a potencialnom nastupcovi LibreSSL.

So what have we learnt today? I think the main thing to take away from this is you shouldn't use public services such as Pastebin to post internal source code. Some creepy guy like me is going to collect it all and write about it. Another thing is to make sure debug information is never pushed to production. I didn't put much effort in to this but there will be more of Facebook's source code floating around out there.

Unicode has always been a bit misunderstood even by professionals. This is why several years ago we pulled these slides together to clear things up. The presentation is a bit old but still relevant. You may still learn a few things about Unicode that you did not know.

mozno trosku bulvarny titulok tykajuci sa beznej http komunikacie, ale je zaujimave to vidiet, ako lahko sa da v tomto svete modulov prist k nestastiu :) myslim,ze sa to rovnako tyka ruby gemov, chef receptov a vsetkeho dalsieho, co obycajne automatizovane tahame cez http..

Need-to-know (like other security measures) can be misused by persons who wish to refuse others access to information they hold in an attempt to increase their personal power or prevent unwelcome review of their work.

As of today, all support for Ruby 1.9.3 has ended. Bug and security fixes from more recent Ruby versions will no longer be backported to 1.9.3.

necakane skoro :| som zvedavy, pri ktorej verzii zakotvia nase projekty. Ruby v2.1 ma nejake problemy s GC http://stackoverflow.com/questions/27102565/memory-usage-increase-with-ruby-2-1-versus-ruby-2-0-or-1-9 a webafis uz podporuje Ruby 2.0+ ?