
1Password CLI Adds Risk

In October of 2023, I reported a vulnerability to 1Password regarding their op (a.k.a. 1password-cli) program. In my report I detailed that their approach to…

Introducing the Poison-Pillminder

Do you manage a GitHub org with a bunch of repositories? Do you have a hard time scrambling when the latest NPM supply-chain attack hits,…

Secrets in Lambda Env Vars

Hello, friends! I’m here on this fine Thursday with some low-key advice on a very serious problem: you—or someone you know—has been putting secrets into…

How to Cheat in JS Object Manipulation

Often in JavaScript, we’ve got to manipulate JavaScript Objects in order to serve a purpose. Today I’m going to cover a quick way to cheat…

String Manipulation of URLs is an Anti-Pattern.

Quick note before we get started: this piece is Node-centric in its examples, but this anti-pattern is polyglottal. As with most anti-patterns, this isn’t about…

Warning: Elaborate Scams Abound!

Hey all! This post won’t be long, and I’m sorry but it won’t be terribly technical either. Tonight I had an encounter with a scam…