Worth Reading: The Rising Threat of Secrets Sprawl and the Need for Action

Regrettably, maintaining secrets has become increasingly challenging, as highlighted by the 2023 State of Secrets Sprawl report, the largest analysis of public GitHub activity.

Worth Reading: Artificial Intelligence and the Invention of Computer Science

More than commonly realized, the modern computer was itself viewed as a thinking machine within the rich stew of what was about to be branded as cybernetics.

Worth Reading: MITM attacks in public Wi-Fi networks without rogue access points

A fundamental vulnerability in the Network Processing Unit (NPU) chipset has been uncovered recently, which can be exploited by attackers to eavesdrop on data transmitted over a wireless network, affecting over 89% of real-world Wi-Fi networks.

Worth Reading: HTTP Search

HTTP SEARCH is a new HTTP method, for safe requests that include a request body. It’s still early & evolving, but it was recently adopted as an IETF draft standard, and it’s going to add some great new tools for HTTP development everywhere.

Worth Reading: Since when did my SSD need water cooling?

As the latest generation of M.2 SSDs have trickled out to consumer platforms we’ve seen some wild and wacky cooling solutions strapped to them: heat pipes, 20,000 rpm fans, even tiny liquid coolers.

Worth Reading: Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io.

Worth Reading: Understanding security risks and best practices of Open Resolvers

An ‘open resolver’ is a Domain Name System (DNS) server that accepts and resolves a domain name recursively for anyone on the Internet.

Worth Reading: A Realist's Guide to AI Risks

ChatGPT has highlighted the excitement and fear about the potential consequences of AI for humanity, and in doing so has pushed forth the need to examine if and how to regulate AI.

Worth Reading: Risks and Reactions to .zip and .mov Top-Level Domains

In a developing cybersecurity concern, IT experts and researchers warn of potential misuse of Google’s new .zip and .mov top-level domains (TLDs), which they argue could be exploited for phishing attacks and malware distribution.

Worth Reading: RFC 9234 observed in the wild

Route leaks occur when Border Gateway Protocol (BGP) prefixes are propagated in a way that goes against the expected topology relationships of BGP.