Last week I wrapped up the chapter on the crypto package in Go, The Standard Library Within the crypto package we have the crypto/subtle package. This package contains functions for doing constant time operations which are an important part of cryptography. Constant time functions help prevent timing attacks which are caused when operations take different amounts of time to complete a task based on some input. When the time something takes leaks…
I continue the look at 5 more of the Top 25 Most Dangerous Programming Errors. Here's part 1 (25-21) 20. Download of Code Without Integrity Check You might not think of this at first, but it's a doozy. If you are downloading things, like files, code, updates, whatever, they could be compromised. DNS poisoning or redirects could make your request for a file go to a different location. There could be a man in the middle messing with your data, or …
The Common Weakness Enumeration posted their Top 25 Most Dangerous Programming Errors last month. Most everything in the list is completely avoidable, but most new programmers, and especially those without real world experience (as opposed to trivial classroom projects), fall victim to at least some of them. A lot of them bit me in university and I still get nipped by some of them today. Proper education is the first step, and the CWE have done …
Cool talk about Xbox hardware security.