Looks like you have a bad case of embedded libraries

A long time ago pretty much every application and library carried around its own copy of zlib. zlib is a library that does really fast and really good compression and decompression. If you’re storing data or transmitting data, it’s very likely this library is in use. It’s easy to use and is public domain. It’sContinue reading “Looks like you have a bad case of embedded libraries”

Can’t Trust This!

Last week saw a really interesting bug in TCP come to light. CVE-2016-5696 describes an issue in the way Linux deals with challenge ACKs defined in RFC 5961. The issue itself is really clever and interesting. It’s not exactly new but given the research was presented at USENIX, it suddenly got more attention from the press. The researchersContinue reading “Can’t Trust This!”

glibc for humans

Unless you’ve been living under a rock, you’ve heard about the latest glibc issue.CVE-2015-7547 – glibc stack-based buffer overflow in getaddrinfo() It’s always hard to understand some of these issues, so I’m going to do my best to explain it using simple language. Making security easy to understand is something I’ve been talking about for a longContinue reading “glibc for humans”