Experimental News Clipping Site

Tag: hashing

  • Hacker News: Okta Bcrypt incident lessons for designing better APIs

    by

    Kurt Seifried
    in

    Source URL: https://n0rdy.foo/posts/20250121/okta-bcrypt-lessons-for-better-apis/ Source: Hacker News Title: Okta Bcrypt incident lessons for designing better APIs Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security incident involving Okta and the vulnerabilities associated with the Bcrypt hashing algorithm when utilized improperly. It highlights how the lack of input validation in some cryptographic…

  • Bulletins: Vulnerability Summary for the Week of January 27, 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb25-034 Source: Bulletins Title: Vulnerability Summary for the Week of January 27, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always…

  • Hacker News: Sei (YC W22) Is Hiring

    by

    Kurt Seifried
    in

    Source URL: https://www.ycombinator.com/companies/sei/jobs/LeAtLYf-full-stack-engineer-typescript-react-gen-ai Source: Hacker News Title: Sei (YC W22) Is Hiring Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes Sei, an AI-powered regulatory compliance platform targeting enterprise customers, which underscores its rapid growth and need for skilled engineers. Notably, it highlights the importance of secure systems and familiarity with Generative…

  • Hacker News: Fun with Timing Attacks

    by

    Kurt Seifried
    in

    Source URL: https://ostro.ws/post-timing-attacks Source: Hacker News Title: Fun with Timing Attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth examination of a potential vulnerability within a simple JavaScript function used to compare user input against a secret value. It emphasizes how timing attacks can exploit non-constant-time comparison functions like…

  • Hacker News: Botan: Crypto and TLS for Modern C++

    by

    system automation
    in

    Source URL: https://github.com/randombit/botan Source: Hacker News Title: Botan: Crypto and TLS for Modern C++ Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The provided text details the Botan C++ cryptography library, emphasizing its capabilities in cryptographic protocols like TLS and various security features relevant to modern applications. This information is particularly significant for security…

  • NCSC Feed: Three random words or #thinkrandom

    by

    system automation
    in

    Source URL: https://www.ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0 Source: NCSC Feed Title: Three random words or #thinkrandom Feedly Summary: Ian M discusses what makes a good password AI Summary and Description: Yes Summary: The provided text discusses password security, specifically the process of hashing passwords to protect them from unauthorized access. It highlights the methods cybercriminals might use to compromise…

  • Cloud Blog: XRefer: The Gemini-Assisted Binary Navigator

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/ Source: Cloud Blog Title: XRefer: The Gemini-Assisted Binary Navigator Feedly Summary: Written by: Muhammad Umair Here at Mandiant FLARE, malware reverse engineering is a regular part of our day jobs. At times we are required to perform basic triages on binaries, where every hour saved is critical to incident response timelines. At…

  • Hacker News: Compromising OpenWrt Supply Chain

    by

    system automation
    in

    Source URL: https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/ Source: Hacker News Title: Compromising OpenWrt Supply Chain Feedly Summary: Comments AI Summary and Description: Yes Summary: This text presents a comprehensive security analysis regarding vulnerabilities in the OpenWrt firmware supply chain, detailing how command injection and SHA-256 collisions can be exploited. It emphasizes the importance of secure coding practices and robust…

  • Hacker News: Child safety org launches AI model trained on real child sex abuse images

    by

    system automation
    in

    Source URL: https://arstechnica.com/tech-policy/2024/11/ai-trained-on-real-child-sex-abuse-images-to-detect-new-csam/ Source: Hacker News Title: Child safety org launches AI model trained on real child sex abuse images Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the development of a cutting-edge AI model by Thorn and Hive aimed at improving the detection of unknown child sexual abuse materials (CSAM).…