OK, rebuild bash and deploy Florian's unofficial patch or its now-upstream version now. If you're a distro maintainer, please consider doing the same.My previous post has more information about the original vulnerability (CVE-2014-6271). It also explains Tavis' and my original negative sentiment toward...
Quick notes about the bash bug, its impact, and the fixes so far
We spent a good chunk of the day investigating the now-famous bash bug (CVE-2014-6271), so I had no time to make too many jokes about it on Twitter - but I wanted to jot down several things that have been getting drowned out in the noise earlier in the day.Let's start with the nature of the bug. At...
Who's Afraid of Deflation?
Everyone knows that deflation is bad. Bad, bad, bad. Why is it bad? Well, we learned it in school. We learned it from the pundits on the news. The Great Depression. Japan. What, are you crazy? It's bad. Here, let Ed Castranova...
Useriøs kritikk
Oljefondet slik det forvaltes i dag har en nærmest uendelig tidshorisont. Den siste ukes debatt om oljepengebruken viser imidlertid hvor stor politisk betydning kortsiktige svingninger kan ha. Politiske hensyn kan derfor...
CVE-2014-1564: Uninitialized memory with truncated images in Firefox
The recent release of Firefox 32 fixes another interesting image parsing issue found by american fuzzy lop: following a refactoring of memory management code, the past few versions of the browser ended up using uninitialized memory for certain types of truncated images, which is easily measurable with...
Some notes on web tracking and related mechanisms
Artur Janc and I put together a nice, in-depth overview of all the known fingerprinting and tracking vectors that appear to be present in modern browsers. This is an interesting, polarizing, and poorly-studied area; my main hope is that the doc will bring some structure to the discussions of privacy...
