Topic: Security – Ctrl blog
Author: Daniel Aleksandersen (https://www.daniel.priv.no/)
Copyright © 2021 Daniel Aleksandersen.
Last updated: 2021-09-22T10:09:00Z

Patch origin trust vs GitHub’s URL hierarchy
Published: 2021-09-22T10:09:00Z
Opening a pull request is all it takes to get a GitHub patch URL that’s indistinguishable from patches/commits that are a part of an open-source GitHub project.
Attentive readers may have noticed something a bit weird with the GitHub patch links in my last article. I shared links to two patches for Ruby’s Rake build system which I also said hadn’t yet been accepted into Rake. Yet, the patches looked like they came directly from the Rake project’s official code repository at https://github.com/ruby/rake/. So, how did I get a patch URL that’s indistinguishable from commits/patches that are part of a project?
Read more: https://www.ctrl.blog/entry/github-patch-url-trust.html

Your clipboard is only as secure as your device
Published: 2021-05-14T10:11:00Z
A review/critique of the complexity, security, and unpredictable user experience of modern feature-laden copy–paste clipboards in today’s operating systems.
The system clipboard is part of every modern operating system. It lets us copy and paste text, images, files, and data between different applications. Like everything else these days, it’s increasingly getting tied up with other people’s servers (“the cloud”). So, what does that mean for your clipboard privacy?
Read more: https://www.ctrl.blog/entry/clipboard-security.html

Superfeedr sends logins in plain-text (a HSTS case study)
Published: 2021-04-22T01:55:00Z (updated 2021-04-24T00:59:00Z)
Superfeedr tried securing its website with HTTPS and HSTS (HTTP Strict Transport Security), but failed to apply it correctly. User emails and credentials are sent in plain-text on the first login.
I recently signed up for an account with Superfeedr (a WebSub Hub provider). I noticed a security issue in the sign-up process, and thought it would make an excellent case study for HTTP Strict Transport Security (HSTS). Here’s what Superfeedr did wrong, why they probably didn’t realize it, and how you can avoid making the same mistake in the future.
Read more: https://www.ctrl.blog/entry/superfeedr-hsts-oopsie.html

The entirely predictable problems with the Vulnonym naming scheme
Published: 2020-11-04T09:27:00Z
An automated naming scheme intended to rid the security research field of “sensational names” predictably creates sensational, ambiguous, and suggestive names.
Security researchers increasingly give security vulnerabilities they discover a unique and memorable name and logo. Names (and cute logos) generate more exposure for the vulnerability and the researchers who found it. The Computer Emergency Response Team Coordination Center (CERT/CC) believes this naming trend invokes “fear, uncertainty, and doubt for vendors, researchers, and the general public.” To address the situation, it has introduced Vulnonyms: a system for automatically naming vulnerabilities. What could possibly go wrong?
Read more: https://www.ctrl.blog/entry/sensational-vulnonym.html

TeamViewer RPM repo left door open for malicious packages
Published: 2020-11-02T15:50:00Z
A configuration error made the TeamViewer RPM repository vulnerable to an attacker-in-the-middle substituting TeamViewer with its own GPG keys and software.
Three months ago, I discovered a security vulnerability in TeamViewer RPM auto-updates on Linux. The vulnerability allowed an attacker-in-the-middle (AITM) to subvert the TeamViewer RPM package repository to install and execute arbitrary software with root permissions.
Read more: https://www.ctrl.blog/entry/teamviewer-rpm-repo-security.html