今日已更新 80 条资讯 | 累计 20052 条内容
关于我们

标签:#security

找到 652 篇相关文章

AI 资讯

Control before, proof after: an accountability primitive for AI agents

There's a pattern I kept seeing. A team gives an agent real capability, like moving money, shipping a change, or resolving a ticket that touches a customer's account. For a while it's great. Then the agent does one thing nobody can explain or defend after the fact, and the entire program snaps back to a human clicking approve on everything. The blocker was almost never the model. It was that there was no clean way to do two things at once. You couldn't bound what the agent was allowed to do before it acted, and you couldn't prove what it did after, in a form that survives contact with an auditor, a regulator, or a customer dispute. You can assemble that from parts today. Use a policy engine to authorize, and an audit log to record. The problem is they're two systems, and two systems drift. Six months later, when someone is actually asking "was this action allowed, and can you prove it," the policy engine and the log disagree about what the policy even was at the time. Now you're reconstructing intent from two sources that were never the same object. That's the gap. Not authorization by itself, and not observability by itself. The thing that authorizes an action and the thing that proves it should be the same object, bound to the exact policy version in force when the decision was made. The primitive Two verbs, one primitive. Control before. You mint a capability, which is a policy scoped to one agent: a spend cap, a counterparty allowlist, an expiry, whatever the action needs. Every consequential action the agent takes gets checked against the committed policy state and returns an allow or deny in the request path. An over-budget or out-of-policy action is refused before it happens, not flagged after. Refused is the operative word. The enforcement point commits no state change for a denied action, no matter how the agent reasons, how it's prompted, or whether it's been compromised. You've turned unbounded irreversible harm into bounded irreversible harm. Prove after

2026-07-10 原文 →
AI 资讯

Microsoft’s patch Tuesdays are about to get bigger

Windows 11 updates could soon include fixes for more security issues at once. Microsoft said in a blog post on Thursday that it's now using AI to "identify potential issues earlier," which means "customers will see a higher volume of security updates included in each security release." Hackers, even amateurs, have increasingly been using AI […]

2026-07-10 原文 →
开源项目

How GitHub gave every repository a durable owner

GitHub had over 14,000 repositories. Fewer than half had clear ownership. Here's how we gave every active repository a validated owner in under 45 days, archived the rest, and made ownership the foundation for everything that followed. The post How GitHub gave every repository a durable owner appeared first on The GitHub Blog .

2026-07-10 原文 →
AI 资讯

RLS recursion infinite loop: why I gave up policies and bet everything on a JWT custom claims hook

Episode 1/4 — 3 incidents, one root: default GRANTs open more than you think — [CANONICAL URL EPISODE 1: fill in after push] Episode 2/4 — await mutation() lies when nobody opens the { error } envelope — [CANONICAL URL EPISODE 2: fill in after push] The morning Françoise sees zero rows, again It's a Tuesday in April 2026. I've just added the agent_readonly role to the authenticated membership — a one-liner, meant to share a GRANT for a reporting job. First SELECT on cours , Sentry receives infinite recursion detected in policy for relation "user_roles" , code 42P17 . From the office next door, Françoise is already on the phone with the Maisons-Laffitte branch: "So they can't see anything over there — is that normal?" Foreman tone, not really a question. I read the error on my screen. The difference from episode 1: this time Postgres is talking. What came out of Sentry was no longer a silent empty set — it was an explicit error. That difference saved me two days. When Postgres shouts, you listen. The trap is that what it says isn't where you're looking. I won't pretend this is obscure. A policy on user_roles that queries user_roles to decide who can read user_roles is a loop. You avoid it, you work around it with SECURITY DEFINER , you move on. The problem: my user_roles policy didn't reference user_roles . I had already cleaned it up three weeks earlier. The recursion was coming from somewhere else. The diagnostic that targets the wrong object First reflex: re-read the user_roles policy. It's clean, reads auth.email() , never calls itself. Second reflex: disable policies one by one to find the culprit. Wrong angle. -- supabase/migrations/20260420_admin_write_cours_v1.sql -- "Admin write cours" policy — original version that loops CREATE POLICY "Admin write cours" ON public . cours FOR ALL TO authenticated USING ( EXISTS ( SELECT 1 FROM public . user_roles WHERE email = auth . email () AND role IN ( 'admin' , 'super_admin' ) ) ); The recursion doesn't come from a fau

2026-07-09 原文 →
AI 资讯

When a password sync is 'partly done', it's a bug: converging on one canonical flow

TL;DR Two apps each had their own password-change/reset logic, plus config toggles to enable/disable backends. That combination quietly allowed partial syncs. Fix: one shared engine, one canonical order , backends mandatory (no config-disable), and every attempt written to an audit log. Lesson: for a write that spans several systems, "configurable steps" is a footgun. Make the flow fixed and make failure loud. The setup A user changes their password. Behind the scenes that single password has to land in several systems — a directory, an external database, and the app's own store. Two separate apps were doing this, each with slightly different code, and each with config flags like sync_oracle => true|false to turn backends on and off. Sounds flexible. It's actually a trap. Why configurable backends are a footgun TL;DR: a password that updates 2 of 3 systems is worse than one that updates none — because now the systems disagree and nobody gets an error. The moment a backend is optionally skippable, "skipped" and "failed" blur together. Someone flips a flag in one environment, forgets it in another, and now prod and staging run different flows. Debugging a login failure means first reverse-engineering which steps actually ran. Before After Each app had its own reset logic One shared engine, both apps call it Backends toggle via config Backends are mandatory, always run Order implicit / differed per app One canonical order: New directory → external DB → local app "Did it sync?" answered by guessing Every attempt logged with per-service status The canonical order The order isn't cosmetic. It runs most-authoritative-first, so if a downstream step fails you haven't already told the user their new password works. change/reset request | v [ New Directory ] --ok--> [ External DB ] --ok--> [ Local App store ] | | | fail fail fail | | | +----> stop, record per-service status, surface the failure Same engine, same order, both apps. A change API and a reset flow are just two entr

2026-07-09 原文 →
AI 资讯

Adopting Terraform Ephemeral Resources

In version 1.11, HashiCorp introduced Terraform Ephemeral resources and write-only attributes to allow for root configs that do not store secrets in the Terraform statefile. But many users ask about how they can adopt ephemerals. This blog attempts to lay out the ways secrets can be stored in state and how you should update your configurations to remove those secrets. Note: For a primer on ephemerals ( see this blog post ). Scenarios to consider: Data sources that fetch a static secret Resources that receive a secret Resources that generate a dynamic a secret Resources that fetch generated secrets to store in another 3rd party system Scenario 1: Data sources with static secrets Ephemeral resources can often be a drop-in replacement for data sources pulling static values: data "vault_kv_secret_v2" "static_kv" { mount = "kvv2" name = "my_password" } ephemeral "vault_kv_secret_v2" "static_kv" { mount = "kvv2" name = "my_password" } However, using these values has 1 specific difference. The attributes on a ephemeral resource are considered ephemeral and can only be used as ephemeral arguments. That means 2 places: Provider blocks Provider blocks are considered ephemeral, so ephemeral resources may populate arguments: provider "example" { password = tostring ( ephemeral . vault_kv_secret_v2 . static_kv . data . password ) } Write-only arguments Write-only arguments are special arguments that require the ephemeral taint for values: resource "aws_db_instance" "example" { ... password_wo = tostring ( ephemeral . vault_kv_secret_v2 . static_kv . data . password ) } If the resource you wish to pass a value to does not have an available ephemeral, open an issue with that provider. You can reference: this blog post this agent skill Scenario 2: Resources that receive a static secret Without duplicating to the section above, write-only arguments are a way to get secrets out of state. Above has guidance if the secret value comes from a data source, but what if its from a variable?

2026-07-09 原文 →
AI 资讯

Linux compliance checks with Sparrow plugin

Sparrow is Raku automation framework comes with useful plugins people can use to automate infrastructure. Scc plugin allows to check Linux essential configuration files for security compliance. Here some examples: Sysctl $ sudo sysctl -a | s6 --plg-run scc@check = sysctl 12:24:07 :: [task] - run plg scc@check=sysctl 12:24:07 :: [task] - run [scc], thing: scc@check=sysctl [task run: task.bash - scc] [task stdout] 12:24:08 :: abi.cp15_barrier = 1 12:24:08 :: abi.setend = 1 12:24:08 :: abi.swp = 0 12:24:08 :: abi.tagged_addr_disabled = 0 12:24:08 :: debug.exception-trace = 0 12:24:08 :: dev.cdrom.autoclose = 1 12:24:08 :: dev.cdrom.autoeject = 0 12:24:08 :: dev.cdrom.check_media = 0 12:24:08 :: dev.cdrom.debug = 0 12:24:08 :: dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17 12:24:08 :: dev.cdrom.info = 12:24:08 :: dev.cdrom.info = drive name: 12:24:08 :: dev.cdrom.info = drive speed: 12:24:08 :: dev.cdrom.info = drive # of slots: 12:24:08 :: dev.cdrom.info = Can close tray: 12:24:08 :: dev.cdrom.info = Can open tray: 12:24:08 :: dev.cdrom.info = Can lock tray: 12:24:08 :: dev.cdrom.info = Can change speed: 12:24:08 :: dev.cdrom.info = Can select disk: 12:24:08 :: dev.cdrom.info = Can read multisession: 12:24:08 :: dev.cdrom.info = Can read MCN: 12:24:08 :: dev.cdrom.info = Reports media changed: 12:24:08 :: dev.cdrom.info = Can play audio: 12:24:08 :: dev.cdrom.info = Can write CD-R: 12:24:08 :: dev.cdrom.info = Can write CD-RW: 12:24:08 :: dev.cdrom.info = Can read DVD: 12:24:08 :: dev.cdrom.info = Can write DVD-R: 12:24:08 :: dev.cdrom.info = Can write DVD-RAM: 12:24:08 :: dev.cdrom.info = Can read MRW: 12:24:08 :: dev.cdrom.info = Can write MRW: 12:24:08 :: dev.cdrom.info = Can write RAM: 12:24:08 :: dev.cdrom.info = 12:24:08 :: dev.cdrom.info = 12:24:08 :: dev.cdrom.lock = 0 12:24:08 :: dev.raid.speed_limit_max = 200000 12:24:08 :: dev.raid.speed_limit_min = 1000 12:24:08 :: dev.scsi.logging_level = 68 12:24:08 :: dev.tty.ldisc_autoload = 1 12:24:08

2026-07-09 原文 →
AI 资讯

Crushing 5GB of XML: Building a Blazing Fast Apple Health Parser with Rust and ClickHouse

We’ve all been there. You click "Export Health Data" on your iPhone, wait ten minutes, and receive a massive, bloated export.xml file. If you've tracked your fitness for years, this file can easily exceed 5GB. Try opening that in Python’s ElementTree or even pandas , and your RAM will cry for mercy. This is a classic Data Engineering challenge: transforming high-volume, semi-structured XML into actionable insights without waiting an eternity. In this tutorial, we are going to build a high-performance parser using Rust performance techniques, Rayon for parallelism, and ClickHouse for lightning-fast OLAP queries. By leveraging Rust's zero-cost abstractions, we'll turn a 20-minute Python slog into a sub-30-second sprint. 🚀 The High-Level Architecture Handling 5GB of XML requires a streaming approach. We cannot load the whole file into memory. We will stream the XML, parse segments in parallel, and ship them to ClickHouse using Protocol Buffers for maximum serialization efficiency. graph TD A[Apple Health export.xml] --> B[Streaming XML Reader] B --> C{Chunking Logic} C -->|Batch 1| D[Rayon Worker 1] C -->|Batch 2| E[Rayon Worker 2] C -->|Batch N| F[Rayon Worker N] D & E & F --> G[Protobuf Serialization] G --> H[(ClickHouse DB)] H --> I[Grafana / SQL Insights] Prerequisites To follow along, you'll need: Rust (Stable) Tech Stack : quick-xml (for streaming), serde (serialization), rayon (data parallelism), and clickhouse-rs . A running ClickHouse instance. 1. Defining the Data Schema Apple Health data (specifically Record types) consists of types, dates, and values. Since we want high performance, we'll use Protocol Buffers to define our intermediate format, ensuring minimal overhead when moving data through the pipeline. // Simplified representation of a Health Record use serde ::{ Deserialize , Serialize }; #[derive(Debug, Serialize, Deserialize, Clone)] pub struct HealthRecord { #[serde(rename = "@type" )] pub record_type : String , #[serde(rename = "@startDate" )] pub

2026-07-09 原文 →
AI 资讯

OpenBSD Privilege Escalation, GitHub AI Agent Leaks, & CDN Supply Chain Risks

OpenBSD Privilege Escalation, GitHub AI Agent Leaks, & CDN Supply Chain Risks Today's Highlights This week's top security news features a critical use-after-free vulnerability in OpenBSD, a novel prompt injection attack leading to private repo leaks from GitHub's AI agent, and an unusual case of obfuscated bash scripts delivered via a CDN on consumer products. OpenBSD has a use-after-free allowing local privilege escalation to root (Hacker News) Source: https://nvd.nist.gov/vuln/detail/cve-2026-57589 A newly disclosed vulnerability, CVE-2026-57589, impacts OpenBSD, a renowned security-focused operating system. The vulnerability is identified as a use-after-free (UAF) flaw, which typically occurs when a program attempts to use memory after it has been freed, often leading to crashes or arbitrary code execution. In this specific case, the UAF bug allows for local privilege escalation to root. This type of vulnerability is particularly critical for operating systems, as it can enable an unprivileged attacker with local access to gain complete control over the system. System administrators and users of OpenBSD are advised to monitor official channels for patches and apply them immediately to mitigate the risk of compromise. Understanding the underlying cause of such UAFs is crucial for developing more robust memory management practices and identifying similar vulnerabilities in other systems. Comment: This is a critical reminder for OpenBSD admins to patch immediately, as use-after-free exploits are a classic, dangerous route to full system compromise from local access. GitLost: We Tricked GitHub's AI Agent into Leaking Private Repos (Hacker News) Source: https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos/ Researchers have uncovered a significant AI-specific security vulnerability, dubbed 'GitLost,' demonstrating how GitHub's AI agent can be manipulated to leak sensitive information from private repositories. The attack leverag

2026-07-09 原文 →
AI 资讯

Applying SAST to Infrastructure as Code (Without TFSec)

Static analysis isn't just for application source code. Terraform, Pulumi, OpenTofu, and CloudFormation files are code too — and they get misconfigured just as often as a backend service. A public S3 bucket, a security group open to 0.0.0.0/0 , or an unencrypted RDS instance are all bugs you can catch before apply ever runs. TFSec is the tool most people reach for first, but it's not the only option on the OWASP Source Code Analysis Tools list . In this article I'll use Checkov , a free, open-source policy-as-code scanner built by Bridgecrew (now part of Palo Alto Networks), to scan a Terraform project end to end — from a local scan to a GitHub Actions gate that blocks merges on critical misconfigurations. The same approach works with OpenTofu and Pulumi projects too, since Checkov understands HCL directly and also has native support for Pulumi's rendered plan output and CloudFormation/ARM/Kubernetes manifests. Why Checkov? 100% open source (Apache 2.0), actively maintained, thousands of built-in policies. Understands Terraform, OpenTofu, CloudFormation, Kubernetes, Helm, Dockerfile, ARM, Serverless Framework, and Pulumi (via cdktf /synthesized plans) — one tool across most of your IaC surface. No account or API key required to run locally or in CI. Supports custom policies written in Python or YAML if the built-in rule set doesn't cover something specific to your org. ## 1. The sample infrastructure A small AWS setup with a few intentionally introduced misconfigurations — the kind that get merged during a rushed sprint: # main.tf provider "aws" { region = "us-east-1" } resource "aws_s3_bucket" "data" { bucket = "company-app-data-bucket" } # Vulnerable: bucket has no encryption, no versioning, and is publicly readable resource "aws_s3_bucket_acl" "data_acl" { bucket = aws_s3_bucket . data . id acl = "public-read" } resource "aws_security_group" "web" { name = "web-sg" description = "Allow web traffic" # Vulnerable: SSH open to the entire internet ingress { from_port

2026-07-09 原文 →
AI 资讯

Applying SAST to Any Application (Without Sonar, Snyk, Semgrep, or Veracode)

Most "how to add SAST to your pipeline" articles gravitate toward the same four names: SonarQube, Snyk, Semgrep, Veracode. They're solid tools, but they're not the only options, and sometimes you can't use them — budget constraints, air-gapped environments, licensing restrictions, or simply wanting something lightweight that lives entirely in your repo. The OWASP Source Code Analysis Tools page lists dozens of alternatives across every language. In this article I'll walk through applying Bandit , a free, open-source SAST tool for Python, to a real sample application — from finding vulnerabilities locally to wiring it into a CI/CD pipeline with GitHub Actions. The same workflow (install → configure → scan → fail the build on high-severity findings → track results over time) applies almost identically if you swap Bandit for other OWASP-listed tools like Brakeman (Ruby), FindSecBugs (Java), Gosec (Go), or Horusec (multi-language). Why Bandit? 100% open source (Apache 2.0), maintained under the PyCQA org. No account, no server, no license key — it runs as a CLI or a library. Understands Python's AST, so it catches real logic patterns, not just regex matches. Easy to tune with a config file and inline # nosec suppressions. ## 1. The sample application Let's use a small Flask app with a few intentionally introduced vulnerabilities — the kind of thing that slips into real codebases under deadline pressure. # app.py import subprocess import sqlite3 import pickle import yaml from flask import Flask , request app = Flask ( __name__ ) DB_PATH = " users.db " @app.route ( " /ping " ) def ping (): host = request . args . get ( " host " ) # Vulnerable: command injection via shell=True result = subprocess . run ( f " ping -c 1 { host } " , shell = True , capture_output = True ) return result . stdout @app.route ( " /user " ) def get_user (): user_id = request . args . get ( " id " ) conn = sqlite3 . connect ( DB_PATH ) cursor = conn . cursor () # Vulnerable: SQL injection via strin

2026-07-09 原文 →
AI 资讯

7 Dockerfile Mistakes That Are Quietly Costing You

Most Dockerfiles work. That's the problem — "it builds and runs" hides a lot of quiet costs in security, speed, and size that don't announce themselves until an audit, an incident, or a cloud bill does it for them. Here are seven mistakes I see constantly, and what to do instead. 1. Running as root By default, the process in your container runs as root — and if someone breaks out, they're root on a surface they shouldn't be. Add a non-root user and switch to it: RUN useradd --system --uid 10001 appuser USER appuser Cheap, and it closes off a whole category of "well, at least it wasn't root" incidents. 2. FROM some-image:latest latest is not a version — it's "whatever was newest when this happened to build." Two builds a week apart can produce different images with no diff to explain it, and a surprise base upgrade is a fun way to spend a Friday. Pin a specific tag, ideally by digest: FROM node:20.11.1-slim 3. Baking secrets into layers COPY .env . or ARG API_KEY followed by using it — and now the secret lives in an image layer forever , recoverable by anyone who pulls the image, even if a later layer deletes the file. Layers are immutable and additive; you can't delete your way out of a leak. Use build secrets ( --mount=type=secret ) or inject at runtime, never at build. 4. No .dockerignore Without one, COPY . . sweeps your .git directory, local env files, node_modules , and test data into the build context — bloating the image and, worse, potentially baking credentials and history into a layer. A five-line .dockerignore is one of the highest-leverage files in the repo. 5. Layer order that destroys your cache COPY . . RUN npm ci # ← reinstalls on EVERY code change Docker invalidates every layer after the first change. Copy the lockfile and install dependencies before copying the rest of your source, so a one-line code change doesn't trigger a full reinstall. This is a build-speed bug hiding as a style choice. 6. Leaving package manager cruft in the image RUN apt-get

2026-07-08 原文 →
AI 资讯

How Secure is Your Password? Calculating Shannon Entropy in the Browser

We've all seen password strength meters on sign-up forms. Most of them rely on simplistic, static rules: "Must contain at least 8 characters, one number, and one special character." But from a mathematical standpoint, these rules are a poor proxy for actual password security. A password like Tr0ub4dor&3 conforms to these rules but is far easier to compromise than a randomly generated four-word passphrase like correct-horse-battery-staple . To truly measure password security, we have to look at information theory and compute its Shannon Entropy . Here is how password entropy works, the math behind it, and how you can calculate it directly in the browser with 100% client-side privacy. What is Password Entropy? In cryptography, entropy is a measure of the unpredictability or randomness of a password. It is expressed in bits . An entropy of $N$ bits means there are $2^N$ possible combinations that an attacker would have to guess in a worst-case brute-force search. < 28 bits: Very weak (easily guessed in milliseconds). 28 to 35 bits: Weak (cracked in minutes or hours). 36 to 59 bits: Reasonable protection (days to months). 60 to 127 bits: Very strong (takes years to decades to crack). 128+ bits: Extremely secure (mathematically unfeasible to crack). The Mathematical Formula To calculate the entropy ($E$) of a password, we use the following equation: $$E = L \times \log_2(R)$$ Where: $L$ is the length of the password (number of characters). $R$ is the size of the pool of unique characters from which the password is drawn. $\log_2(R)$ is the binary logarithm of the pool size, representing the amount of information carried by each character. Determining Pool Size ($R$) To find $R$, we analyze which character sets are present in the password string: Lowercase letters ( a-z ): 26 characters Uppercase letters ( A-Z ): 26 characters Numbers ( 0-9 ): 10 characters Common special characters/punctuation: 33 characters (e.g., !@#$%^&*()-_=+[]{}|;:',.<>/? etc.) If a password uses ch

2026-07-08 原文 →
AI 资讯

Cybersecurity and the Gap Between Skill and Ability

Last week, national security agencies from the Five Eyes—that’s the rich, English-language-speaking countries club—jointly released a statement warning of the increasing cyber risks of AI models: in particular, their ability to autonomously hack into systems and networks. The statement was more measured than some of the breathless headlines about it, and the advice they gave is pretty much the standard advice everyone gives—albeit with newfound urgency. Internet risks are nothing new, and cyberattacks—both large and small—have been a significant issue since long before the current crop of generative AI models...

2026-07-08 原文 →