101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We support posts of up to 2048 characters.

#sanitizing

Susan Larson ♀️🏳️‍🌈🏳️‍⚧️🌈

The #NewYorkTimes Faces #Backlash After #Sanitizing #Trump #Eugenics #Claim.

What was The New York Times thinking #whitewashing Trump’s #racist #remarks?

https://newrepublic.com/post/187039/new-york-times-nyt-trump-eugenics-claim

Harry Sintonen

The #Microsoft report on the technical investigations for #Storm0558 key acquisition is a rather interesting read.

They of course can't and don't go into specifics about the nature of the key leakage. I'm totally guessing here, but it might be that the tooling Microsoft used to detect and sanitize the #keymaterial didn't identify the key in the specific key schedule form. Maybe a new #encryption cipher was used that uses a new key schedule format that the tooling didn't support, or the cipher implementation started to store the key schedule in a new, different way.

This incident is a good example of how attempts at #sanitizing logs, memory dumps and similar of sensitive information are a losing game. At best it can be considered best effort, there's always ways information can end up leaking out despite your best efforts in trying to identify it.

For critical systems the encryption key should only ever exist in a security enclave or HSM. That'd be the only way to ensure that the key cannot leak: It's nowhere in the memory to begin with.

ref:
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

IT News

The Big List of Naughty Strings Helps Find Those User Input Problems - Any software that accepts user input must take some effort to sanitize incoming da... - https://hackaday.com/2022/09/10/the-big-list-of-naughty-strings-helps-find-those-user-input-problems/ #biglistofnaughtystrings #softwaredevelopment #sanitizing #userinput #strings #testing #xss #qa