Weekly breakdown – 22w22d3

Security

https://kenkantzer.com/learnings-from-5-years-of-tech-startup-code-audits/
Highly distilled and valuable knowledge about security and securing software, drawn from first-person audit experience.
Anyone who is interested in improving security (and everyone should be) should at least glance through it.

https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
Notable results:

Sandbox escape on Tesla Model 3 Infotainment System – Important because a significant amount of car information is not only consumed but also produced by the infotainment system, possibly leading to a much more significant compromise of the car's safety-relevant components.

Sandbox escape on Microsoft Teams – Important because of the enormous presence of Teams across a wide variety of companies, thanks to the free(ish) model of being included in the Office suite.

https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_transparency_data_is_used_to_compromise_wordpress_before_installation
How a security improvement can have not-so-good side effects when setting up your standard WordPress (or other web app) installation.

https://www.lightbluetouchpaper.org/2022/01/19/security-engineering-course/
https://www.lightbluetouchpaper.org/2022/03/18/security-course-at-cambridge/
Free, quality lectures going through the fundamentals of security, with a hands-on approach to gaining security experience. Students from a few countries can also apply for full course access, for free.
The best learning happens when you get your hands dirty 🙂

Funny

https://rubenerd.com/git-ignores-gitignore-with-gitignore-in-gitignore/
Sort-of-recursion 🙂