Well, it’s happened before, so it was bound to happen again: a remote code execution bug was found in APT. And it’s particularly interesting in the context of an age-old debate that has been dragging on in Debian-related circles about the use of HTTPS – a question that has been asked often enough that the answer has its own website now.
How bad was it? What is there to learn from this? And what does it tell us about the importance of HTTPS in package management security?
USENIX Security may not be the most glamorous security conference today, but I cannot remember the last time I looked over the proceedings and said, “Oh well, nothing interesting happened this year.” And USENIX Security ’18 is no exception.
USENIX graciously publishes all the papers presented at the conferences that it organizes, and the proceedings of USENIX Security ’18 were just published. What better to do on a hot August afternoon, right?
There is plenty of interesting reading material in there, but eight papers in particular caught my attention.