- Apr 2021
-
-
Shows that there is a balance to be found between keeping everything secrets and giving some insight.
Some information are more useful for security than for attackers
-
OAuth access tokens are now 178
The 40 characters were all random, but now:
- 4 first characters are "ghX_"
- 6 last are the CRC32
Total: 10 non-random characters.
But they allowed uppercase characters in the random string, hence the total entropy is higher, even if only 30 characters are random instead of 40.
-
-
blog.assetnote.io blog.assetnote.io
-
Data collection
How they collected the API definitions over the Web is impressive. Big data at play.
-
found that it was actual a local file read vulnerability
A HTTP 301 indicating local file read vulnerability. Good point.
-
Mostly Blackbox testing, where you do not already have the API definition. (or you do not trust that your documents match what is really implemented).
-
content discovery tooling
All the tools relate to fuzzing
-
ffuf with a large wordlist
Fast web Fuzzer
-
-
inthesetimes.com inthesetimes.com
-
Via https://www.densediscovery.com/issues/133 Not the best article on the subject.
-
2014 study found that one in 10 people in the United Kingdom did not have a close friend; in a 2019 poll in the United States, one in five of the millennials surveyed reported being friendless
Does not seem very scientific ...
-
-
www.noemamag.com www.noemamag.com
- Apr 2020
-
github.com github.com
-
Only providing shortcuts is not really useful. Better remember the true command.
-
- Jan 2019
-
programminghistorian.org programminghistorian.org
-
Interesting resource.
-
-
mermaidjs.github.io mermaidjs.github.io
-
Generation of diagrams and flowcharts from text in a similar manner as markdown. PlantUML equivalent in Javascript
-
- Jun 2016
-
bitcoinmagazine.com bitcoinmagazine.com
-
We see plans like the R3 Consortium as a counter-productive grab to maintain centralized control. There are already reports and rumors that things aren't going according to plan.
-
As a conclusion, it's better to rely on a private blockchain than no cryptographic system at all. It has merits and pushes the blockchain terminology into the corporate world, making truly public blockchains a bit more likely for the future.
-
Bitcoin Magazine spoke with some well-known blockchain thinkers on their opinions of what the uses for a private blockchain might be.
No use cases, but conflicting opinions from experts
-
they are totally orthogonal, both can coexist in the same time, and therefore there is no need to oppose them as we can often see it.
-
The consortium or company running a private blockchain can easily, if desired, change the rules of a blockchain, revert transactions, modify balances, etc. In some cases, e.g. national land registries, this functionality is necessary
-