People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
In a previous attack on fwupd, an S3 bucket was used to add files and bypass the signature check on the uploaded files. However, the library's developers considered the signature-validation behaviour to be expected: in their view the developers of the project (not the library) were at fault for using the API improperly.
When verifying detached PGP signatures, the verification-result function can return a non-NULL result whose signature list is empty (zero signatures). Code that only checks the result pointer against NULL treats that empty result as a successful verification, so an unsigned (or junk-signed) file passes.
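To make the bug pattern concrete, here is an added example (not code from the post or from fwupd) that models the shape of a detached-signature verification result: a result object holding a linked list of per-signature records, each with a status and a summary bitmask. The struct and field names, the constants, and the sample signatures are this example's own assumptions, not the library's header. It shows the vulnerable "result pointer is non-NULL" check next to a hardened check that requires at least one signature and validates every one.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a detached-signature verification result.
 * Names here are assumed for the example, not taken from any real library. */
enum { SIG_STATUS_OK = 0, SIG_STATUS_BAD = 1, SIG_STATUS_NO_PUBKEY = 2 };
#define SIGSUM_VALID 0x01u /* set only when the signature is fully valid */

struct signature {
    int status;              /* SIG_STATUS_OK on success, error code otherwise */
    unsigned summary;        /* bitmask; SIGSUM_VALID must be set to trust it */
    const char *fpr;         /* fingerprint of the signing key */
    struct signature *next;  /* next signature in the list, or NULL */
};

struct verify_result {
    struct signature *signatures; /* head of list; NULL when none were found */
};

/* Model of "fetch the result of the verify operation". Once the operation
 * ran it always hands back a non-NULL object, even if no signature packet
 * was found in the detached signature file (the list is then empty). */
static struct verify_result g_result;

static struct verify_result *op_verify_result(struct signature *sigs) {
    g_result.signatures = sigs;
    return &g_result;
}

/* The bug pattern: treats "we got a result object" as "the file is signed".
 * Returns 1 (accept) even when the signature list is empty. */
int verify_vulnerable(struct signature *sigs) {
    struct verify_result *res = op_verify_result(sigs);
    return res != NULL;
}

/* Hardened check: reject an empty list, reject any signature that carries
 * an error status or lacks the VALID summary bit. Returns the number of
 * valid signatures (0 means reject). */
int verify_hardened(struct signature *sigs) {
    struct verify_result *res = op_verify_result(sigs);
    int valid = 0;
    if (res == NULL || res->signatures == NULL)
        return 0;
    for (struct signature *s = res->signatures; s != NULL; s = s->next) {
        if (s->status != SIG_STATUS_OK)
            return 0;
        if (!(s->summary & SIGSUM_VALID))
            return 0;
        valid++;
    }
    return valid;
}

/* Constructed sample records for the demo (fingerprints are made up). */
struct signature bad_sig = { SIG_STATUS_BAD, 0, "BAD0BAD0", NULL };
struct signature good_sig = { SIG_STATUS_OK, SIGSUM_VALID, "G00DG00D", NULL };
/* A good signature chained after an unknown-key one: must still be rejected. */
struct signature unknown_then_good = { SIG_STATUS_NO_PUBKEY, 0, "UNKN0WN", &good_sig };

int main(void) {
    printf("empty list : vulnerable=%d hardened=%d\n",
           verify_vulnerable(NULL), verify_hardened(NULL));
    printf("good sig   : vulnerable=%d hardened=%d\n",
           verify_vulnerable(&good_sig), verify_hardened(&good_sig));
    printf("bad sig    : vulnerable=%d hardened=%d\n",
           verify_vulnerable(&bad_sig), verify_hardened(&bad_sig));
    printf("mixed list : vulnerable=%d hardened=%d\n",
           verify_vulnerable(&unknown_then_good), verify_hardened(&unknown_then_good));
    return 0;
}
```

The empty-list case is the one that matters: the vulnerable check accepts it, the hardened one rejects it. The mixed-list case shows why the loop must fail closed on any non-OK signature rather than stopping at the first valid one.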
After seeing this, the author of the post reasoned that the same mistake had probably been made elsewhere, so they used an open source code query engine to search for other callers using the function in this way.
With the query engine they found at least six other cases of the function being used insecurely, including in PhotonOS. This signature bypass could have been serious!
Overall, the developers of a library are responsible for making it secure out of the box, without requiring extensive security knowledge from every caller. There is a reason that React and other frontend frameworks block XSS by default nowadays.