solidsnail

joined 1 year ago
[–] [email protected] 1 points 10 months ago

That is very true.
I do think that there's more depth to it than that. For example, dealing with it on the end of the terminal will probably break compatibility, and dealing with it on the app end will require every single dev to start sanitizing this. The challenges are real.

 

cross-posted from: https://infosec.pub/post/5707149

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

 

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

[–] [email protected] 1 points 1 year ago

( ͡° ͜ʖ ͡°)

[–] [email protected] 1 points 1 year ago (2 children)

Stopped you? Wdym?

 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

 

cross-posted from: https://infosec.pub/post/2466014

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

 

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

[–] [email protected] 9 points 1 year ago (2 children)

I think they're lacking explanation of what the data means.

This can be very nuanced, and dependent on your goals.

For example, in the context of fingerprinting, sometimes it's better to provide fake data instead of no data, because that itself can be a unique characteristic.

[–] [email protected] 0 points 1 year ago (1 children)

I feel like I'm a bit lacking when it comes to finding race condition vulnerabilities. Any tips on that?

[–] [email protected] 1 points 1 year ago

Took them 5 years to fix a critical vulnerability.

Really shows their concern for security.

[–] [email protected] 2 points 1 year ago

Also interested.

Will be keeping an eye on this thread.