The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.
«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»
That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?
I looked through most of the charts, and I it seems like you cannot get the best of two worlds. Can you get good edge retention, ease of sharpening and toughness at the same time?
It would be nice with an example on how knife steel properties work. I assume there are balanced tradeoffs.
Tarlogics blog post, it is mentioned “modifying chips arbitrarily”, “infecting chips with malicious code”, “obtain confidential information stored on them”.
Even though they rephrased the backdoor wording, the remaining statements make me believe the undocumented functions can be used to gain code execution on the main cpu.
It it possible to create firmware that is encrypted and cannot be read out. Espressif state there is no security issues, but I have a feeling that these debug commands may be used to read out the flash of a properly secured esp32 that otherwise would not be possible…
There was someone that figured out how to detect if the output was piped or not to bash on the webserver, can consider the fact and chose to be malicious or not
My understanding of the article is that it was about shutting down the program that keeps the nuclear navy afloat, not about a backdoor with a switch to turn off the arsenal
Yeah, it says it will create an SVG in seconds, but seconds later, there is no SVG. Did not occur to me that I had to log in, but probably won’t as I cannot be bothered to follow black patterns…
I feel that dockerhub no longer can be the steward for the default docker repo because of this and the limitations they previously have implemented. It is time for them to hand over the baton stick to someone else, or that the notion of a default repo is removed all together
It is not immediately clear to me if the limit is per repo/package or globally in the hub. For instance, I fear it will not be possible to add a new kubernetes node to my cluster without hitting the limit as it would need to pull all the individual images.