October 2017

CommonMark

It turns out having 20+ Markdown implementations with no spec is a bad idea. Let's see how long before there's a competing spec ;-)
http://commonmark.org/

dnsmasq RCEs

Wouldn't it be nice if we stopped writing critical system services in C? Nah.
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Google teapot

https://www.google.com/teapot

Macro-less code exec in MS Word

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

A2 Analog Attack

An older one, but a great read.
https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/

The Pathologies of Big Data

http://queue.acm.org/detail.cfm?id=1563874
"In designing applications to handle ever-increasing amounts of data, developers would do well to remember that hardware specs are improving too, and keep in mind the so-called ZOI (zero-one-infinity) rule, which states that a program should “allow none of foo, one of foo, or any number of foo.” That is, limits should not be arbitrary; ideally, one should be able to do as much with software as the hardware platform allows."

"... big data should be defined at any point in time as “data whose size forces us to look beyond the tried-and-true methods that are prevalent at that time.”"

KRACK Attack

WPA2 is broken, hum-de-dum
https://www.krackattacks.com/
https://github.com/vanhoefm/krackattacks