Popular:
Virtualization DNS security formal verification reachability analysis compiler errors macro conflict web extension development framework Bitmap Graphics API inconsistencies All Tags

Supercharge SQLite with Ruby Functions

2025-01-27

This article demonstrates how to enhance SQLite's capabilities by integrating Ruby functions. The author creates User-Defined Functions (UDFs) to directly call Ruby code within SQL queries, enabling features like generating time-ordered UUIDs, performing regex matching, and calculating statistical measures (e.g., standard deviation and percentiles). The article also explores using the SQLITE_DIRECTONLY flag to prevent issues when accessing custom functions outside the application's process. Overall, this provides a powerful way to boost SQLite's flexibility and functionality, particularly useful for data exploration and analysis.

Read more
(blog.julik.nl)
Development

Ken Thompson's Sneaky C Compiler Backdoor: A Reflection on Trust

2025-02-16

In his paper "Reflections on Trusting Trust," Ken Thompson, co-creator of UNIX, recounts a chilling tale of a self-replicating backdoor he inserted into the C compiler. This backdoor would automatically inject itself into the login program during compilation, granting him unauthorized access. The insidious part? Even removing the backdoor from the source code wouldn't stop the compiler from re-inserting it during compilation. This story serves as a stark reminder of the limitations of trusting software and the inherent difficulty in ensuring complete security, even with source code review.

Read more
(aeb.win.tue.nl)
Development C compiler backdoor

Russian Threat Actors Exploit Microsoft Device Code Authentication in Widespread Attacks

2025-02-15
Russian Threat Actors Exploit Microsoft Device Code Authentication in Widespread Attacks

Volexity has uncovered multiple Russian threat actors employing sophisticated social engineering and spear-phishing campaigns to compromise Microsoft 365 accounts via Device Code Authentication phishing. These attacks exploit the less-familiar Device Code Authentication workflow, making them difficult for users to recognize as phishing attempts. The campaigns, often politically themed (e.g., focusing on the US administration), impersonate individuals from organizations like the US Department of State and the Ukrainian Ministry of Defence, luring victims into fake Microsoft Teams meetings or application access. Volexity is tracking three threat actors, one potentially linked to CozyLarch (overlapping with DarkHalo, APT29). The effectiveness of this attack stems from exploiting users' unfamiliarity with device code authentication, bypassing traditional security measures. Volexity recommends organizations block device code authentication via conditional access policies and enhance user security awareness training.

Read more
(www.volexity.com)
Tech russian hackers microsoft 365
1 2 589 590 591 592 593 594 595 597 Next →