Tag: JavaScript

  • Hacker News: Shifting Cyber Norms: Microsoft security POST-ing to you

    Source URL: https://berthub.eu/articles/posts/shifting-cyber-norms-microsoft-post/
    Source: Hacker News
    Title: Shifting Cyber Norms: Microsoft security POST-ing to you
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text discusses the increasing intrusion of email security scanners, particularly by Microsoft, which now not only performs GET requests but also executes JavaScript and sends POST requests on behalf of…

  • Hacker News: Fun with Timing Attacks

    Source URL: https://ostro.ws/post-timing-attacks
    Source: Hacker News
    Title: Fun with Timing Attacks
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text provides an in-depth examination of a potential vulnerability within a simple JavaScript function used to compare user input against a secret value. It emphasizes how timing attacks can exploit non-constant-time comparison functions like…

  • Hacker News: A New type of web hacking technique: DoubleClickjacking

    Source URL: https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html
    Source: Hacker News
    Title: A New type of web hacking technique: DoubleClickjacking
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text introduces the concept of “DoubleClickjacking,” a sophisticated web vulnerability that builds upon traditional clickjacking techniques by exploiting event timing between double clicks. This novel approach allows attackers to bypass…

  • Google Online Security Blog: OSV-SCALIBR: A library for Software Composition Analysis

    Source URL: https://security.googleblog.com/2025/01/osv-scalibr-library-for-software.html
    Source: Google Online Security Blog
    Title: OSV-SCALIBR: A library for Software Composition Analysis
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: The article discusses the launch of OSV-SCALIBR, an extensible library for software composition analysis (SCA) and file system scanning. It highlights its capabilities, including vulnerability scanning and Software Bill of Materials…

  • Unit 42: One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

    Source URL: https://unit42.paloaltonetworks.com/graph-neural-networks/
    Source: Unit 42
    Title: One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
    Feedly Summary: Graph neural networks aid in analyzing domains linked to known attack indicators, effectively uncovering new malicious domains and cybercrime campaigns. The post One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery…

  • Simon Willison’s Weblog: Codestral 25.01

    Source URL: https://simonwillison.net/2025/Jan/13/codestral-2501/
    Source: Simon Willison’s Weblog
    Title: Codestral 25.01
    Feedly Summary: Codestral 25.01 Brand new code-focused model from Mistral. Unlike the first Codestral this one isn’t (yet) available as open weights. The model has a 256k token context – a new record for Mistral. The new model scored an impressive joint first place with…

  • Hacker News: The Canva outage: another tale of saturation and resilience

    Source URL: https://surfingcomplexity.blog/2024/12/21/the-canva-outage-another-tale-of-saturation-and-resilience/
    Source: Hacker News
    Title: The Canva outage: another tale of saturation and resilience
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The incident at Canva, detailed by Brendan Humphries, highlights a series of interconnected failures that led to a significant service outage. Notably, a CDN misconfiguration and an API gateway performance…

  • Simon Willison’s Weblog: My AI/LLM predictions for the next 1, 3 and 6 years, for Oxide and Friends

    Source URL: https://simonwillison.net/2025/Jan/10/ai-predictions/#atom-everything
    Source: Simon Willison’s Weblog
    Title: My AI/LLM predictions for the next 1, 3 and 6 years, for Oxide and Friends
    Feedly Summary: The Oxide and Friends podcast has an annual tradition of asking guests to share their predictions for the next 1, 3 and 6 years. Here’s 2022, 2023 and 2024. This…

  • Simon Willison’s Weblog: What we learned copying all the best code assistants

    Source URL: https://simonwillison.net/2025/Jan/4/what-we-learned-copying-all-the-best-code-assistants/
    Source: Simon Willison’s Weblog
    Title: What we learned copying all the best code assistants
    Feedly Summary: What we learned copying all the best code assistants Steve Krouse describes Val Town’s experience so far building features that use LLMs, starting with completions (powered by Codeium and Val Town’s own codemirror-codeium extension) and then…