VPCs by default use the Amazon-provided DNS which can be used to bypass some network-level protection mechanisms (e.g. NACLs or SGs) or monitoring (e.g. VPC Flow Logs). Recently a new service has been released: the Route 53 Resolver DNS Firewall which allows for blocking and…
3799
6
USA
6 Min Read
Late in 2019, I was hired at a streaming service focused on short form content to help build the data platform. One key component of this streaming service was the focus on mobile consumption, and this necessitated that our data platform handle late arriving data…
1642
2
USA
2 Min Read
Summary The REvil ransomware (a.k.a Sodinokibi) is a threat group that operates in the RaaS (Ransomware-as-a-Service) model, where the infrastructure and the malware are supplied to affiliates, who use the malware to infect target organizations. On July 2, the REvil threat group launched a supply chain ransomware…
5799
8
USA
8 Min Read
The process of writing code and delivering it to AWS Lambda is as straightforward as making a cake (depending on the type of cake). From providing to scalability, Lambda takes care of the heavy lifting. However, where is the magic taking place and how does…
6636
42
USA
42 Min Read
Programming language memory models answer the question of what behaviors parallel programs can rely on to share memory between their threads. For example, consider this program in a C-like language, where both x and done start out zeroed. // Thread 1 // Thread 2 x = 1; while(done ==…
454863
34
USA
34 Min Read
The below documentation is the latest update on the most recent updates pertaining to the massive global ransomware attack. We are tracking over 30 MSPs across the US, AUS, EU, and LATAM where Kaseya VSA was used to encrypt well over 1,000 businesses and are…
23509
13
USA
13 Min Read
The Realtek rtl8821ae Chip The wifi chip is located on a m.2 module that can be swapped out in my laptop. It has features like 2.4GHz and 5GHz wifi support and stuff. Communication with the wifi chip happens over PCIe. Finding the firmware is easy: it is…
365
2
USA
2 Min Read
A ransomware attack that disrupted computer networks forced businesses to scramble on Saturday to restore control, a situation made worse in the United States by companies working with skeleton staff in advance of the July 4th holiday weekend. Cash registers at the majority of the…
21669
6
USA
6 Min Read
When programming, the map data structure is quite handy. When I first used Perl, the thing that struck me the most was how simple it was to use hashes, as they are called. They came in handy for everything! Map is also a major element…
54969
3
USA
3 Min Read
According to a cybersecurity specialist who responded to the attack, the hack that brought down the country’s major fuel pipeline and caused shortages across the East Coast was the consequence of a single hacked password. On April 29, hackers acquired access to Colonial Pipeline Co.’s…
5903
9
USA
9 Min Read
Google is currently reworking its search algorithm to include Core Web Vitals as part of its search algorithm, which is putting a lot of pressure on web developers to improve page speeds. It’s causing a fair amount of panic, because 96% of sites fail the test. So, we…
7147
1
USA
1 Min Read
The new WebExtensions Community Group will seek to establish a similar framework for all future web extensions, and is actively seeking developers to join the project. Safari, with the release of macOS Big Sur, has a new web extension API that enables extensions created for…
35741
4
USA
4 Min Read
On October 25th, I found a bug in the Anti-Exploit driver of Malwarebytes v3.6.1.2711 that caused BSOD and finally exploited it to achieve an EoP from a standard user to SYSTEM. In short, it’s a combination of incomplete input validations and an insecure manner of accessing a…
10162
2
USA
2 Min Read
VMware is actively exploiting a vulnerability with a severity rating of 9.8 out of 10. At least one valid exploit has been made public, and successful efforts to hack servers running the vulnerable software have been made in the wild. VMware product vulnerability gets a…
4970
14
USA
14 Min Read
For companies running their own datacenter, setting up internal DNS infrastructure is essential for performance and ease of maintenance. Setting up a single DNS server for occasional requests is pretty straightforward, but scaling and distributing requests across multiple data centers is challenging. In this post,…
64892
12
USA
12 Min Read
Although the main interface between applications and a Vitess database is through the MySQL protocol, Vitess is a large and complex distributed system, and all the communication between the different services in a Vitess cluster is performed through GRPC. Because of this, all service boundaries and…
4981
6
USA
6 Min Read
It was launched in January of 2020, when we made the fly “hemibrain” connectome available on the internet — an online database that provides the morphological structure and synaptic connection of almost half of the brain of a fruit fly (Drosophila melanogaster). This database and…
7322
9
USA
9 Min Read
Released back in 2013, VeraCrypt picks up where TrueCrypt left off. Supporting more encryption algorithms, more hash functions and a variable number of hash iterations, VeraCrypt is the default choice for the security conscious. VeraCrypt has no known weaknesses except one: once the encrypted disk…
6098
12
USA
12 Min Read
Cloudflare Tunnel allows you to connect applications securely and quickly to Cloudflare’s edge. With Cloudflare Tunnel, teams can expose anything to the world, from internal subnets to containers, in a secure and fast way. Thanks to recent developments with our Terraform provider and the advent of Named Tunnels it’s…
6044
18
USA
18 Min Read
A lot of JavaScript that runs in the browser nowadays runs quicker than it did two decades ago. And so that occurred as a result of the browser makers devoting time to rigorous speed enhancements. To accomplish our goals today, we are beginning our efforts…
3739
2
USA
2 Min Read
Prosus, the company which develops online programming education programmes, said that it has inked a deal to buy Stack Overflow, an online community for software professionals, in anticipation of increased demand for online programming instruction. Stack Overflow is based in New York, though it is…
2703
107
USA
107 Min Read
The A Priori Argument (also, Rationalization; Dogmatism, Proof Texting.): A corrupt argument from logos,starting with a given, pre-set belief, dogma, doctrine, scripture verse, “fact” or conclusion and then searching for any reasonable or reasonable-sounding argument to rationalize, defend or justify it. Certain ideologues and religious fundamentalists…
3878
4
USA
4 Min Read
Writing assembly is itself an art. When C, C++, or any other language is compiled, the compiler determines the art of writing assembly. However, this time, we will some of the techniques and decisions we can make to write these ourselves. We will use RISC-V…
5828
13
USA
13 Min Read
API gateways are an integral part of microservices architecture in recent years. An API gateway provides a single point of entry for all our apps and provides an interface to access data, logic, or functionality from back-end microservices. It also provides a centralized place to…
1832
13
1849
5
USA
5 Min Read
If you’re like most people, your answer to this is… “What? Why?” When ssh was introduced back in the 1990s, its appeal was simple. Passwords are too short, too guessable, too phishable, too often stored incorrectly, too MITM-able, too brute-forceable. Also its primary competition was rsh’s classic…
1507
20
USA
20 Min Read
I recently came across Staying safe with .NET containers on Hacker News. It’s an excellent post that goes into how the .NET Docker image publishing team thinks about: The pedigree and provenance of the .NET Docker images they publish The process by which they build and publish the images Vulnerabilities (read:…
2870
11
USA
11 Min Read
Database systems typically give users the ability to trade off correctness for performance. In distributed systems, there is a whole other category for trading off correctness for performance: consistency levels. There are an increasing number of distributed database systems that are giving their users multiple…
2763
8
USA
8 Min Read
Say you run an online book store and want to build a data pipeline that figures out who the top-selling authors are. Logically, the input to the pipeline is a log of every individual book purchase on the store for all time, along with details…
4628
27