Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389
30 June - 1 hour 12 mins
SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by changing default configs to turn off uncommon features and ancient protocols.
The Linux kernel's removal of strncpy is another example of managing attack surface by replacing a notoriously misused and ambiguous function with more specific versions that better match the developer's intent. It was a six-year journey for the kernel, but one that should remove a class of vulns and, importantly, improve performance.
Then it's on to agents with a discus...
AI Cocaine Recipes, Russian Hack, Scattered Spider, Cisco, Amazon Q – Aaran Leyland - SWN #594
35 mins
30 June
Fixing pentesting, Meta is destroying its engineering org, the weekly news - Adriel Desautels - ESW #465
1 hour 40 mins
29 June
AI Brain Harvest, Fortibleed, Win 10, Blacksite, Windchill, Cisco, BB-8, Josh Marpet - SWN #593
32 mins
26 June
Cloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932
2 hours 13 mins
25 June