Semi regular newsletter featuring interesting links and articles
Random Interesting Things
A semi regular newsletter by R.I.Pienaar
Welcome to the next issue of my newsletter. Expect when-it's-good-and-ready frequency issues full of interesting things I come across online.

A quick and depressing issue full of security fail.
- [ Security ] -
I recently mentioned 2 security audits that were done commercially on OpenVPN and how it all looked good. Someone has since done extensive fuzzing-based testing against the same and found a number of issues. The tests were done by a volunteer for free and the test suite was open sourced. Interesting stuff.

There's an Apache release with 5 vulnerabilities fixed.

A very interesting read on creating a Zigbee-based worm to infect Philips Hue connected lights. The worm can jump from light to light and can even be delivered remotely, i.e. war-driving or war-flying with a drone!

Work was done to trawl the entire NPM tree to find cases where there are either known leaked passwords in use (reuse), tokens in the repo, weak passwords or npm creds in the package. 13% of npm packages were infected. As if that's not bad enough, thanks to the highly dependent nature of npm packages it impacts 52% of the entire npm ecosystem!

An interesting alternative to OpenVPN called WireGuard was mentioned this week; it seems worth a look.

There's a gigantic security hole in pretty much all things Linux and it appears to be quite an old one too. It's named Stack Clash and you better get with the patching.

From the let's-rewrite-all-well-tested-code,-what-could-go-wrong? department: Systemd. If you're on recent Ubuntu releases, get patching.

Much like the SSL testing tools, there is one for publicly reachable SSH servers called Rebex SSH Check; it tells you some good things to fix on yours.

Microsoft has an interesting write-up about their DNS Intrusion Detection System. This is amazing insight into what goes into these gigantic operations.

- [ /dev/random ] -
There's a useful global latency testing tool at latency.apex.sh.

A fascinating look at how the London Tube network has been operating so long that it's literally increased the deep ground temperature by as much as 10 degrees on average; this is staggering.
Copyright © 2017 R.I. Pienaar, All rights reserved.

