@sleevi_ @kebesays @AlecMuffett and the corresponding analogue for ASN.1 is RCE?
Replying to @bascule
@bascule @kebesays @AlecMuffett With DER parsing, a little fuzzing and ASAN goes a long way. With JSON, it's logic bugs all the way down.
Replying to @sleevi_
@sleevi_ @kebesays @AlecMuffett we've been systematically replacing CMS with JWE/JWS throughout our infrastructure and it feels great
Replying to @bascule
@bascule @sleevi_ @kebesays @AlecMuffett I go for CSV, and if there's a new field conflict we sort it out with rock-paper-scissors
Replying to @mik235
@mik235 @sleevi_ @kebesays @AlecMuffett that particular property of JSON is definitely a LANGSEC violation...
Replying to @bascule
@bascule @sleevi_ @kebesays @AlecMuffett arguing XML vs JSON vs ASN.1 is a stupid argument. They all do too much AND not enough.
Replying to @mik235
@bascule @sleevi_ @kebesays @AlecMuffett but sometimes you just need to pick a winner, make it work and move on. Life's too short.
Replying to @mik235
@mik235 @sleevi_ @kebesays @AlecMuffett XML and ASN.1 seem to be frequently associated with remote code execution or severe parsing bugs
Replying to @bascule
@bascule @sleevi_ @kebesays @AlecMuffett that's more about the code. Look at libxml2 bugs vs Chrome/Firefox bugs.
Replying to @mik235
@mik235 @sleevi_ @kebesays @AlecMuffett I'm sure Chrome and Firefox do a great job, but XML is everywhere and extremely dangerous
@mik235 @sleevi_ @kebesays @AlecMuffett two words: SAML XXE