Experimental News Clipping Site

Tag: coding practices

  • Hacker News: Python’s official documentation contains textbook example of insecure code (XSS)

    by

    Kurt Seifried
    in

    Source URL: https://seclists.org/fulldisclosure/2025/Feb/15 Source: Hacker News Title: Python’s official documentation contains textbook example of insecure code (XSS) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security issue within Python’s documentation related to Cross-Site Scripting (XSS) vulnerabilities stemming from examples in the CGI module. This poses significant risks for web…

  • The Register: Check out this free automated tool that hunts for exposed AWS secrets in public repos

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/19/automated_tool_scans_public_repos/ Source: The Register Title: Check out this free automated tool that hunts for exposed AWS secrets in public repos Feedly Summary: You can find out if your GitHub codebase is leaking keys … but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials…

  • The Register: The Feds want developers to stop coding ‘unforgivable’ buffer overflow vulns

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/13/fbi_cisa_unforgivable_buffer_overflow/ Source: The Register Title: The Feds want developers to stop coding ‘unforgivable’ buffer overflow vulns Feedly Summary: FBI, CISA harrumph at Microsoft and VMware in call for coders to quit baking avoidable defects into stuff US authorities have labelled buffer overflow vulnerabilities “unforgivable defects”, pointed to the presence of the holes in…

  • Simon Willison’s Weblog: Using pip to install a Large Language Model that’s under 100MB

    by

    Kurt Seifried
    in

    Source URL: https://simonwillison.net/2025/Feb/7/pip-install-llm-smollm2/ Source: Simon Willison’s Weblog Title: Using pip to install a Large Language Model that’s under 100MB Feedly Summary: I just released llm-smollm2, a new plugin for LLM that bundles a quantized copy of the SmolLM2-135M-Instruct LLM inside of the Python package. This means you can now pip install a full LLM! If…

  • Hacker News: How to prove false statements? (Part 1)

    by

    Kurt Seifried
    in

    Source URL: https://blog.cryptographyengineering.com/2025/02/04/how-to-prove-false-statements-part-1/ Source: Hacker News Title: How to prove false statements? (Part 1) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text delves into the implications of theoretical models in cryptography, particularly focusing on the random oracle model (ROM) and its impact on the practical security of cryptographic schemes. It emphasizes the…

  • Krebs on Security: Experts Flag Security, Privacy Risks in DeepSeek AI App

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/ Source: Krebs on Security Title: Experts Flag Security, Privacy Risks in DeepSeek AI App Feedly Summary: New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many…

  • CSA: Ensure Secure Software with CCM Application Security

    by

    Kurt Seifried
    in

    Source URL: https://cloudsecurityalliance.org/blog/2025/02/05/implementing-ccm-ensure-secure-software-with-the-application-and-interface-security-domain Source: CSA Title: Ensure Secure Software with CCM Application Security Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM), specifically focusing on the Application & Interface Security (AIS) domain. It outlines the importance of securing applications and interfaces in cloud environments…

  • Cloud Blog: CVE-2023-6080: A Case Study on Third-Party Installer Abuse

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/cve-2023-6080-third-party-installer-abuse/ Source: Cloud Blog Title: CVE-2023-6080: A Case Study on Third-Party Installer Abuse Feedly Summary: Written By: Jacob Paullus, Daniel McNamara, Jake Rawlins, Steven Karschnia Executive Summary Mandiant exploited flaws in the Microsoft Software Installer (MSI) repair action of Lakeside Software’s SysTrack installer to obtain arbitrary code execution. An attacker with low-privilege access…

  • Hacker News: Solving key challenges in AI-assisted code reviews

    by

    Kurt Seifried
    in

    Source URL: https://www.qodo.ai/blog/qodo-merge-solving-key-challenges-in-ai-assisted-code-reviews/ Source: Hacker News Title: Solving key challenges in AI-assisted code reviews Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text introduces Qodo Merge, an AI-driven code review tool that automates various aspects of the code review process. It highlights new features aimed at optimizing feedback relevance, ensuring compliance with project…