今日已更新 233 条资讯 | 累计 20205 条内容
关于我们

标签:#SEC

找到 671 篇相关文章

AI 资讯

Gate the Statement, Not the Tool Name

The original safety gate on the Dolt-over-MCP plugin tried to keep a Claude Code agent harmless by excluding "history-affecting tools" from its MCP grant. It was the wrong granularity, and it did nothing. MCP exposes the entire database through one tool — query / exec — and that tool carries every SQL verb. SELECT rides it. So does CALL DOLT_PUSH , CALL DOLT_RESET('--hard') , DROP DATABASE , and CALL DOLT_BRANCH('-D', 'main') . Excluding "dangerous tools" from the grant accomplishes nothing, because the dangerous verbs live inside the one tool you already granted. The destructive operations were never separate tools to exclude. This is the reframe the whole Phase 0 hardening pass turned on: a tool-name allowlist is meaningless for any tool that carries a sub-language. SQL is a sub-language. So is the shell behind a Bash tool. So is anything behind an eval . If the tool can run arbitrary statements in some grammar, the only boundary that means anything is one that reads the statement. It is the move from tool-name allowlisting to capability-based security: the grant stops being "you may call the query tool" and becomes "you may run these statement classes inside it." Why not just allowlist the safe tools? Because there is exactly one tool, and it is not safe or unsafe — it is whatever statement you hand it. You cannot partition a single door into a safe door and a dangerous door by naming. The same logic kills the next-obvious fix: a denylist of dangerous verbs. Blacklist DOLT_PUSH , DOLT_RESET , DROP ... and miss DOLT_REBASE , or the proc Dolt ships next quarter, or a CALL whose name your regex didn't anticipate. A denylist is only as good as your imagination on the day you wrote it. The fix inverts that. You add safety by enumerating what is safe, not by blacklisting what is dangerous. Anything you cannot positively classify as safe is treated as the most dangerous thing it could be. Default-deny the unknown. It's least privilege applied to a grammar: the agent get

2026-07-03 原文 →
AI 资讯

Cloud KMS and Bring-Your-Own-Key: What You're Actually Trusting

Every major cloud provider sells a key management service, and most sell a "bring your own key" option layered on top, marketed as the difference between trusting the provider and trusting yourself. The pitch is clean. The mechanics underneath are not, and the part that actually determines who can read your data is rarely the part the sales page shows you. If you've provisioned storage on AWS, Google Cloud, or Azure in the last few years, you've seen the encryption-at-rest checkbox: "encrypt with a key you manage." It sounds like a meaningful control. In practice it's three different architectures wearing the same marketing label, and they don't provide the same guarantee. What a KMS Actually Does A cloud Key Management Service is a hosted service that generates, stores, and performs operations with cryptographic keys on your behalf. When you ask a KMS to encrypt something, in most cases the plaintext key material never leaves the service's boundary. What you get back is a ciphertext blob and, for envelope encryption schemes, a wrapped data key you can use locally. The design goal is real: keys shouldn't sit in application memory or config files where a compromised host can grab them. The question that matters is not "does a KMS exist in this architecture" but "who can invoke it, and under what legal or operational conditions." That's where customer-managed keys and bring-your-own-key start to diverge in ways the naming doesn't make obvious. Customer-Managed Keys vs Bring-Your-Own-Key Customer-managed keys (CMK) means the key was generated inside the provider's KMS, under your account, and you control the access policy: who can use it, when it rotates, whether it can be disabled. The key material itself still lives entirely inside the provider's infrastructure. You never see the raw bytes. You're managing permissions on a key you didn't generate and can't export. Bring-your-own-key (BYOK) means you generate the key material yourself, outside the provider's environme

2026-07-02 原文 →
AI 资讯

Cybersecurity Mission Creep in the US

Interesting paper: “ Cybersecurity Mission Creep .” Abstract: Cybersecurity is experiencing mission creep. Policymakers are casting more and more problems as issues of cybersecurity. So reframed, wildly different policy issues, from misinformation, to child social media safety laws, to antitrust regulations, to alleged journalist misconduct, to anti-sex trafficking statutes become what this Article calls “cybersecuritized.” Before this reframing, these issues present as important but not existential. But once cybersecuritization positions the issues as threats intensified by their technological nature, they gain access to the politics and law of urgency and exceptionalism and invite troubling governance responses...

2026-07-02 原文 →
AI 资讯

An SBOM Proves What You Installed. It Can't Prove You Should Have.

A pre-install supply-chain gate returns ALLOW or DENY for each package your AI agent proposes, before npm install runs, keyed on provenance: is the name in a vouched snapshot or a popular baseline, and is the .npmrc registry trusted. An SBOM taken after resolve cannot answer that question. In this post's attack manifest, supply_chain_gate.py returns 2 DENY and exits 1. AI disclosure: I wrote supply_chain_gate.py with an AI assistant and ran it myself, offline, before publishing. Every number in the output blocks below is pasted from a real local run on Python 3.13.5, standard library only, no network. I checked the exit codes (0 / 1 / 2), hashed the STDOUT twice to confirm it is byte-for-byte deterministic, and edited every line. The external figures I cite (the USENIX 2025 package-hallucination study) are the researchers' numbers, not mine, and I link the source and say how they measured. I keep their numbers and my run's numbers in separate paragraphs on purpose. In short: An SBOM and a CVE scan run after npm install . They record what resolved and whether it has a known CVE. Neither can say whether your agent should have proposed that name in the first place. A coding agent recommends a dependency with the same flat confidence whether the name is real, hallucinated, or one letter off a real one. That confidence is exactly what a post-resolve scan cannot see through: a name registered yesterday has no CVE yet, so a known-CVE scan lists it as clean. supply_chain_gate.py reads a manifest (the packages the agent proposed, your vouched snapshot, and your .npmrc ) and returns ALLOW or DENY per package against a bundled popular baseline, before install. The result that carries the argument: the same 277-name baseline that ALLOWs express (exact match) DENYs expresss in a sibling manifest. One letter flips the verdict. What flips it is default-deny against a vouched baseline, not a static blocklist of known-bad names; the edit-distance check only labels the DENY ( TYPOSQU

2026-07-02 原文 →
AI 资讯

Self healing and secure. Good combo.

Build software that heals itself in the agentic era Bucabay Bucabay Bucabay Follow Jul 1 Build software that heals itself in the agentic era # ai # agents # architecture # security 13 reactions 3 comments 10 min read

2026-07-02 原文 →
AI 资讯

Why block.timestamp Is an NFT Mint Exploit Waiting to Happen (And What VRF Actually Does Instead)

The $765K NFT exploit nobody using block.timestamp thinks about In May 2021, an attacker exploited the Meebits NFT mint, one of Larva Labs' projects, by taking advantage of its predictable randomness mechanism. Meebits used on-chain inputs including block timestamp, nonce, and difficulty to generate the token ID for each newly minted NFT. Different token IDs had different rarities, and rarer IDs were worth significantly more on the secondary market. The attacker figured out the generation formula, simulated the outcome before committing, and repeatedly rerolled mints within the same transaction until hitting a rare NFT. They walked away with a Meebit later sold for roughly 200 ETH, worth approximately $765K at the time. The contract did exactly what it was programmed to do. The problem was the inputs it trusted as "random" were never actually random at all. This is day 7 of the 28-day Chainlink architecture series. Today covers Chainlink VRF: why on-chain randomness is a fundamentally hard problem, how VRF solves it cryptographically, and a detail most explainers skip entirely: why even a fully compromised node operator can't bias a VRF output. Why blockchains can't generate real randomness natively Smart contracts are deterministic. Every node in the network runs the same code on the same inputs and must arrive at the same result, every single time, or consensus breaks. That determinism is what makes blockchains trustworthy. It also makes native randomness structurally impossible. Any value a smart contract can read mid-execution: block.timestamp , blockhash , block.difficulty , block.prevrandao is visible to validators and miners before the block is finalized. That visibility creates a manipulation window block.timestamp : validators can manipulate this within roughly a 15-second window on Ethereum. Small enough that nobody notices, large enough to flip a coin-flip lottery in your favor repeatedly. blockhash : if a validator is about to mine a block where the hash

2026-07-02 原文 →
AI 资讯

We thought our devs were using AI. We were wrong.

We did what most engineering teams do. Bought an OpenAI API key. Shared it on Slack. Told everyone to start using AI in their workflow. It felt like the right move. Productivity went up. Developers were happy. Managers were impressed. Then the invoice arrived. Nobody could explain it. We could not tell which team spent what, which model was being used, or whether anyone had accidentally sent customer data to an external provider. We had full AI adoption and zero visibility. That is when we realized we had confused access with governance. The problem is not the AI. It is the missing layer between your team and the API. Most teams operate with raw provider keys floating around in .env files, Slack messages, and IDE configs. When someone leaves, you hope they did not take the key with them. When a pipeline misbehaves overnight, you find out from the billing alert, not from your own monitoring. We started asking ourselves some uncomfortable questions: Who on the team is using GPT-4o versus a cheaper model? Is anyone sending PII to an external provider without knowing it? What happens if our OpenAI key gets exposed in a public repo? Can we switch to Anthropic without rewriting half our tooling? None of these are exotic concerns. They are the natural consequences of scaling AI access without an infrastructure layer to govern it. What actually helped We needed something that sat between our developers and every AI provider, handling authentication, enforcing limits, logging every request, and letting us swap providers without touching application code. Think of it the way an API gateway manages microservices. Same idea, but for LLM traffic. Developers point their tools like Cursor, Continue.dev,...at a single endpoint. Two environment variables. Nothing else changes. Behind the scenes, every request is logged, every token counted, every provider key protected. Governance without friction. That is the only kind developers will actually tolerate. If your team is using AI wit

2026-07-02 原文 →
AI 资讯

From Passwords to Token-based Authentication

Every authentication mechanism in use today emerged to address a specific set of constraints the previous one wasn't designed for. This article walks through that chain — not as a list of definitions, but as a sequence of problems and the constraints that shaped each solution. 1. The Problem With Sending Passwords Every Request The earliest widely used approach, HTTP Basic Authentication, is also the simplest to understand. The client sends the username and password, base64-encoded, on every single request: GET /api/data Authorization: Basic dXNlcjpwYXNzd29yZA== Base64 is not encryption — it's just a reversible encoding. Anyone who intercepts this header has the raw credentials. This approach has three structural problems. First, the password is transmitted on every request, which means every request is a new opportunity for it to leak — through logs, proxies, or a compromised network. Second, the server has to validate credentials against the database on every single call, since there's no concept of an established session; that's a database hit for every API request, which doesn't scale. Third, there's no way to limit what the credentials can do or for how long. The password grants full access until it's changed, and changing it is the only way to revoke access — there's no way to invalidate just one client's access without affecting every other client using the same password. 2. Sessions Try to Fix It, But Introduce New Problems The next evolution moved the credential check to a single moment: login. After verifying the password once, the server creates a session, stores it (in memory or a database), and gives the client a session ID, usually via a cookie. Every subsequent request just sends that ID, not the password. The user logs in by submitting their username and password. Browser ───────────────▶ Server Login Request The server validates the credentials. Server ── checks username/password ──▶ Database If the credentials are valid, the server creates a new se

2026-07-02 原文 →
AI 资讯

glasp v0.3.0 & v0.4.0 — PKCE Support, Timeouts, and Retries

Last time I wrote about using glasp, a Go-based, npm-free CLI for Google Apps Script (GAS), in GitHub Actions. Previous post: Lean, Fast, Simple — npm-free GAS Deployment on GitHub Actions with glasp This time, a quick rundown of what landed in v0.3.0 and v0.4.0 . v0.3.0: PKCE support glasp login now supports PKCE (RFC 7636) as an opt-in. glasp login --pkce # or GLASP_USE_PKCE = 1 glasp login Each login generates a code_verifier and sends an S256 code_challenge to Google. It's a defense against authorization code interception, and it coexists fine with the existing client_secret flow. It only applies to the interactive login — --auth / GLASP_AUTH for CI is untouched. Off by default. Worth turning on if you're in a stricter security environment. v0.4.0: Timeouts and retries The focus here is basically "can this run unattended in CI/CD without falling over." Timeouts Script API requests previously had no timeout — a stuck request could hang the job indefinitely. v0.4.0 adds a 180s default. glasp push --timeout 60 # set to 60s glasp push --no-timeout # disable Also configurable via GLASP_TIMEOUT / GLASP_NO_TIMEOUT env vars or timeoutSeconds in .glasp/config.json . Priority: --no-timeout > flag/env > config > default. If the config file is broken, it warns instead of silently falling back. Retries Transient failures (5xx, 429) now get retried automatically. glasp push --max-retries 5 glasp push --no-retries 3 retries by default (up to 4 attempts total) Only applies to idempotent commands: push , pull , clone , list-deployments Commands with side effects ( create-script , run-function , etc.) are never retried Exponential backoff with jitter, respecting Retry-After It's implemented as a single http.RoundTripper wrapper, so the Google SDK itself isn't touched — same pattern as the timeout implementation. retryTransport → oauth2.Transport → http.DefaultTransport Some refactoring, too Internal packages got reorganized ( #107 ), and the hand-rolled retry transport was swappe

2026-07-02 原文 →
AI 资讯

CVE-2026-8037: Critical RCE Vulnerability in Progress Kemp LoadMaster Requires Immediate Patching

Introduction: Unveiling the Critical Vulnerability The recently identified CVE-2026-8037 vulnerability in Progress Kemp LoadMaster represents a critical threat to enterprise infrastructure. This remote code execution (RCE) flaw, stemming from an uninitialized heap issue , enables pre-authentication exploitation, allowing attackers to bypass initial security barriers without valid credentials. The root cause lies in the failure to initialize dynamically allocated memory regions, creating an exploitable condition where untrusted input can corrupt critical data structures. Attackers leverage this memory corruption to redirect program execution to malicious payloads, achieving full system compromise—from data exfiltration to operational disruption. Technically, the vulnerability arises during the software’s handling of untrusted input. When memory chunks in the heap are allocated but not properly initialized, they retain residual data or undefined states. Attackers exploit this oversight by crafting inputs that overwrite function pointers or control-flow structures, hijacking the program’s execution path. The causal sequence is precise: uninitialized heap → memory corruption → arbitrary code execution → system compromise. The pre-authentication nature of the exploit exacerbates the risk, as attackers require no prior access to execute their payload, rendering perimeter defenses ineffective. The implications are severe for enterprises relying on Kemp LoadMaster for load balancing and application delivery. Unpatched systems are exposed to infiltration, data theft, and ransomware deployment. Beyond the technical failure, CVE-2026-8037 exposes systemic deficiencies: insufficient input validation in software design and inadequate security testing during development. Organizations further amplify risk through delayed patch management , creating a critical window of opportunity for attackers. Immediate remediation is imperative to prevent catastrophic breaches that could under

2026-07-02 原文 →
AI 资讯

Using AI to find authorization bugs — and to prove the ones that aren't real

Using AI to find authorization bugs — and to prove the ones that aren't real Draft flagship post. Safe to publish now (no undisclosed vulnerabilities). The production case study referenced at the end is withheld pending coordinated disclosure. In 2026, bug bounty programs started closing their doors. Nextcloud suspended paid rewards, citing a flood of AI-generated, low-quality reports. Mattermost ended its program. The Internet Bug Bounty cut payouts by roughly 80%. The common thread isn't that AI can't find bugs — it's that most AI-assisted "findings" are plausible but wrong , and triage teams are drowning in them. That reframes the problem. The scarce skill in 2026 isn't generating candidate vulnerabilities — a language model will hand you fifty before lunch. It's refuting the forty-nine that don't hold . The differentiator is a method whose primary output is correct negatives . Here's the method I use for source-available targets, and a worked example where the honest result was "there's no bug here." The method: fan out to find, converge to refute Two stages, two different cost tiers: Fan-out (cheap models). Split the target's authorization surface into subsystems and read each in parallel. Each reader's only job is to surface candidate broken invariants — places where an object is loaded by ID without an owner check, where a protected action might skip a re-auth gate, where two code paths authorize the same thing differently. Optimize for recall. Expect mostly false positives. Adversarial verification (an expensive, high-reasoning model). Take each candidate and try to kill it. Default to REFUTED. A candidate survives only if you can cite the specific source lines proving the guard is absent and the dangerous path is reachable and nothing upstream already blocks it. Frame every survivor as a broken invariant — a one-sentence statement of the rule the system must never violate — and classify it as core versus config-dependent. The output that matters most is the

2026-07-02 原文 →
AI 资讯

I built a browser-only HTTP Cookie Inspector — parse Set-Cookie, security score, XSS/CSRF flags, 84 tests

HTTP cookies are everywhere in authentication, sessions, and tracking — but reading Set-Cookie headers manually is tedious. I built a free, browser-only HTTP Cookie Inspector that parses cookie strings and gives you a security analysis. Live Tool 👉 https://devnestio.pages.dev/cookie-inspector/ What it does Parse Set-Cookie strings — extract all attributes at a glance Attribute cards — name, value, expires/max-age, domain, path, Secure, HttpOnly, SameSite Security score (0–100) — +25 for Secure, +25 for HttpOnly, +25 for SameSite≠None, +25 for expiry XSS/CSRF risk flags — warns when HttpOnly or SameSite is missing Syntax highlighted raw header — color-coded by attribute type Presets — session, persistent, secure+httponly, SameSite=Strict, minimal 100% client-side — no data leaves your browser Cookie security flags explained Flag Missing risk Present benefit Secure Cookie sent over HTTP Only sent over HTTPS HttpOnly JS can steal it (XSS) Inaccessible via document.cookie SameSite=Strict CSRF attacks possible Never sent on cross-site requests SameSite=Lax Partial CSRF risk Sent on top-level nav only SameSite=None Always cross-site Requires Secure flag SameSite values Set-Cookie: session=abc123; SameSite=Strict; HttpOnly; Secure # Best practice for auth cookies Set-Cookie: prefs=dark; SameSite=Lax # OK for non-sensitive preferences Set-Cookie: embed=true; SameSite=None; Secure # Cross-site embeds (e.g. payment widgets) Testing 84 tests, all passing ✅ Tests cover: Parsing all standard attributes Boolean flags (Secure, HttpOnly) detection SameSite value classification Max-Age duration calculation Security score computation XSS/CSRF warning logic All preset templates HTML escaping in output UI elements and copy functionality All tools at devnestio.pages.dev — free browser-only developer utilities.

2026-07-02 原文 →
AI 资讯

I built a browser-only JWT Creator & Signer — HS256/384/512, verify, expiry check, 77 tests

Debugging JWT authentication usually means copying tokens between tabs and tools. I built a free, browser-only JWT Creator & Signer — create, sign, and verify JWTs entirely in your browser using the Web Crypto API. Live Tool 👉 https://devnestio.pages.dev/jwt-creator/ What it does Create JWTs — edit header (alg, typ) and payload (any JSON) Sign with HMAC — HS256, HS384, or HS512 Quick claim buttons — insert sub , name , exp (+1h), iss with one click Generate random secrets — 256-bit hex secret via crypto.getRandomValues() Verify existing JWTs — paste any token and verify signature + expiry Color-coded output — header in red, payload in green, signature in blue 100% client-side — Web Crypto API, no server, your secrets stay local How signing works (Web Crypto API) const key = await crypto . subtle . importKey ( " raw " , new TextEncoder (). encode ( secret ), { name : " HMAC " , hash : " SHA-256 " }, false , [ " sign " ] ); const sig = await crypto . subtle . sign ( " HMAC " , key , new TextEncoder (). encode ( header + " . " + payload ) ); The output is base64url-encoded (replacing + → - , / → _ , stripping = padding) to form the final JWT. Why browser-only matters for a JWT tool JWT secrets are sensitive. Any tool that sends your signing secret to a server is a liability. This tool never sends anything — the Web Crypto API runs entirely inside your browser tab. Testing 77 tests, all passing ✅ Tests cover: Base64url encoding edge cases JWT structure (3-part dot-separated) HMAC algorithm mapping (HS256 → SHA-256 etc.) Expiry check (expired vs. valid tokens) Error states: invalid JSON payload, malformed JWT UI: claim insertion, secret toggle, copy, clear Web Crypto API usage verification All tools at devnestio.pages.dev — free browser-only developer utilities. Feedback welcome!

2026-07-02 原文 →
AI 资讯

Apple Hide My Email Vulnerability, GitHub Hardening Guide, and Advisory Database Trends

Apple Hide My Email Vulnerability, GitHub Hardening Guide, and Advisory Database Trends Today's Highlights This week, we delve into a critical Apple 'Hide My Email' vulnerability leaking user addresses and a practical guide for GitHub maintainers to enhance project security. We also examine the record-breaking surge in vulnerability disclosures and how the GitHub Advisory Database manages this growing volume. Apple 'Hide My Email' vulnerability reveals peoples' real email addresses (Hacker News) Source: https://easyoptouts.com/guides/apple-hide-my-email-is-leaking-email-addresses This report details a critical vulnerability discovered in Apple's "Hide My Email" service, designed to protect user privacy by providing unique, randomly generated email addresses that forward to their real inbox. The flaw allows an attacker to bypass this privacy mechanism and reveal a user's actual email address. This is a significant concern for user privacy, as it undermines the core purpose of a feature intended to prevent spam and tracking. The article provides examples of how the leak can occur, often involving specific scenarios where the "Hide My Email" alias is used in conjunction with other services, allowing for correlation back to the original address. The vulnerability highlights the challenges in maintaining privacy-preserving features across a complex digital ecosystem. While Apple provides this service, its interaction with third-party applications or specific email processing methods can inadvertently expose the underlying data. Users are advised to be aware of this limitation and consider their risk tolerance when relying on such privacy features. The full technical details of the bypass and the specific conditions that trigger it are explained, offering insights into the potential attack vectors. Comment: This is a serious privacy breach for a feature designed explicitly for privacy. It reminds us that even robust privacy tools can have subtle flaws in complex usage pat

2026-07-02 原文 →