18 Matching Annotations
  1. Apr 2021
    1. Shows that there is a balance to be found between keeping everything secret and giving some insight.

      Some information is more useful for security than for attackers.

    2. OAuth access tokens are now 178

      The 40 characters were all random, but now:

      • The first 4 characters are "ghX_"
      • The last 6 are the CRC32

      Total: 10 non-random characters.

      But they allowed uppercase characters in the random string, hence the total entropy is higher, even if only 30 characters are random instead of 40.

    1. Data collection

      How they collected the API definitions over the Web is impressive. Big data at play.

    2. found that it was actually a local file read vulnerability

      An HTTP 301 indicating a local file read vulnerability. Good point.

    3. Mostly black-box testing, where you do not already have the API definition (or you do not trust that your documents match what is really implemented).

    4. content discovery tooling

      All the tools relate to fuzzing.

    5. ffuf with a large wordlist

      Fast web fuzzer

    1. Via https://www.densediscovery.com/issues/133. Not the best article on the subject.

    2. 2014 study found that one in 10 people in the United Kingdom did not have a close friend; in a 2019 poll in the United States, one in five of the millennials surveyed reported being friendless

      Does not seem very scientific...

  2. Apr 2020
    1. Only providing shortcuts is not really useful. Better to remember the true command.

  3. Jan 2019
    1. Generation of diagrams and flowcharts from text in a similar manner as Markdown. PlantUML equivalent in JavaScript.

  4. Jun 2016
    1. We see plans like the R3 Consortium as a counter-productive grab to maintain centralized control. There are already reports and rumors that things aren't going according to plan.
    2. As a conclusion, it's better to rely on a private blockchain than no cryptographic system at all. It has merits and pushes the blockchain terminology into the corporate world, making truly public blockchains a bit more likely for the future.
    3. Bitcoin Magazine spoke with some well-known blockchain thinkers on their opinions of what the uses for a private blockchain might be.

      No use cases, but conflicting opinions from experts

    4. They are totally orthogonal; both can coexist at the same time, and therefore there is no need to oppose them, as we often see.
    5. The consortium or company running a private blockchain can easily, if desired, change the rules of a blockchain, revert transactions, modify balances, etc. In some cases, e.g. national land registries, this functionality is necessary