-
Security, privacy and resilience are very important topics for the Web of Things. We need to build upon best practices for the underlying protocols and for end to end systems. Some of the consideratio…
-
symmetric key authentication using sha256. Required to use NIST to provide NTP time at the moment (they don't do NTS)
-
https://bellard.org/jslinux/ - yes curl works. Need to re-package so WASM GPU LLM can talk to jslinux all browser side.
100% should run in the browser.
If you want CodeInterpereter parity it sho…
-
Vulnerable Library - bootstrap-3.3.7.min.js
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/lib…
-
Since comin can update it's own configuration from a git repository, trust in the repository seems absolute and a compromise of the forge could lead to a compromise of the machine.
Requiring the la…
-
TLS 1.1 is not secure. Please drop support for it. Continued support exposes us all to the risk of a downgrade attack (i.e. a hacker might be able to force someone, who would otherwise use TLS 1.2, us…
-
TFLint installed with this action has not been verified for checksums/signatures. This action is typically performed on the GitHub infrastructure, and binaries are distributed under the organization w…
-
Your plugin hardcodes the table name for the wp_users table. Since most security standards suggest changing your default table prefix to avoid injection attacks, this should be a configurable option. …
-
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Please …
-
Would you consider adding blind signing capabilities as mentioned in the paper (from the readme). A nice & concise overview here https://crypto.stackexchange.com/a/12832/10693