"No way to prevent this" say users of only language where this regularly happens

from blog Xe Iaso's blog, | ↗ original
In the hours following the release of CVE-2024-5535 for the project OpenSSL, site reliability workers and systems administrators scrambled to desperately rebuild and patch all their systems to fix a memory safety vulnerability allowing 255 bytes of the client's heap to be sent to the server when using Next-Protocol-Notifications (commonly...
This is a short summary. ↗ Open original to view full content

Related

Vale's Fearless FFI, for Safer Dependencies and Supply-Chain Attack Mitigation
Languages and Architecture | original ↗
Memory Safety is a Red Herring
Steve Klabnik | original ↗
"No way to prevent this" say users of only language where this regularly happens
Xe Iaso's blog | original ↗
Rust doesn't solve the CrowdStrike outage
Julio Merino (jmmv.dev) | original ↗
"No way to prevent this" say users of only language where this regularly happens
Xe Iaso's blog | original ↗
Defend Your Cookies with Essential Web Security Tactics
Maggie Appleton | original ↗
How a broken memory module hid in plain sight
Christian Hollinger | original ↗
On responsible vulnerability disclosure
Federico's Blog | original ↗
You're probably not vulnerable to the CUPS CVE
Xe Iaso's blog | original ↗
Why Rust and Its Memory Safety Lulls Developers Into a False Sense of Security, Leading to More Serious Bugs
The Angry Dev | original ↗

More from Xe Iaso's blog

Follow me on Bluesky!
13 Nov 2024 | original ↗

tl;dr: Follow @xeiaso.net on Bluesky

Nomadic Infrastructure Design for AI Workloads
12 Nov 2024 | original ↗

Taco Bell is a miracle of food preparation. They manage to have a menu of dozens of items that all boil down to permutations of 8 basic items: meat, cheese, beans, vegetables, bread, and sauces. Those basic fundamentals are combined in new and interesting ways to give you the crunchwrap, the chalupa, the doritos ...

Hello again, Kubernetes
9 Nov 2024 | original ↗

Yeah, yeah, we know; freight train to mail a letter, etc.

My first deploys for a new Kubernetes cluster
3 Nov 2024 | original ↗

This is documentation for myself, but you may enjoy it too

"No way to prevent this" say users of only language where this regularly happens
29 Oct 2024 | original ↗

In the hours following the release of CVE-2024-9632 for the project X.org, site reliability workers and systems administrators scrambled to desperately rebuild and patch all their systems to fix a buffer overflow that allows an attacker with access to raw X client calls to arbitrarily read and write memory, allowing for privilege...