@bascule wouldn't cbc-mac, even a correct-aside-from-that impl, be similarly vulnerable? @mstthew_d_green
-
-
-
@namelessjon@bascule yes, they screwed up MAC verification, not HMAC -
@jtdowney@namelessjon confirm. just scary we then go from that to RCE -
@bascule such is the power of marshal ;)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.