/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

words.filippo.io
| | www.openssl.org
2.4 parsecs away

Travel
| | Today we published an advisory about CVE-2022-3786 (X.509 Email Address Variable Length Buffer Overflow) and CVE-2022-3602 (X.509 Email Address 4-
| | guidovranken.com
4.7 parsecs away

Travel
| | Larry Stefonic of wolfSSL contacted me after he'd noticed my project for fuzzing cryptographic libraries called Cryptofuzz. We agreed that I would write a Cryptofuzz module for wolfSSL. I activated the wolfSSL module for Cryptofuzz on Google's OSS-Fuzz, where it has been running 24/7 since. So far, Cryptofuzz has found a total of 8 bugs...
| | hypothesis.works
4.8 parsecs away

Travel
| | The Encode/Decode invariant One of the simplest types of invariant to find once you move past just fuzzing your code is asserting that two different operations should produce the same result, and one of the simplest instances of that is looking for encode/decode pairs. That is, you have some function that takes a value and encodes it as another value, and another that is supposed to reverse the process. This is ripe for testing with Hypothesis because it has a natural completely defined specification: Encoding and then decoding should be exactly the same as doing nothing. Lets look at a concrete example. Test faster, fix more
| | malgregator.com
14.5 parsecs away

Travel
| Dutch security researcher Victor Gevers found misconfigured MongoDB database containing facial recognition and other sensitive information about the Uyghur Muslim minority in China. Looks like the company behind the database is Chinese surveillance company SenseNets.