Let’s take a look at Devskim. Microsoft owned Devskim was released almost unnoticed to the public amid-december 2016.
The idea behing DevSkim is to help developers spot code errors that could be a security problem. It flags “potentially dangerous calls”, and “gives in-context advice” about how to fix them.
Take for instance, if a developer defined MD5 as a hash, DevSkim would show a pop-up telling the user they're making a critical error, and suggest they change SHA-256 or SHA-512.
Microsoft's also been crafting plug-ins to add DevSkim to various development environments. Since DevSkim first landed, it's dropped repos for Visual Studio 2015 (on Windows 7 or later), Sublime Text (Windows, Mac OS and Linux), and VS Code (Windows, Mac OS and Linux).
A penguin PA
If you want to run a nothing-like-Siri personal assistant from the Linux command line, right? Right. So if you want to type “Hotels in Chicago” at the CLI rather than in Google – and have the CLI open a suitable Google Maps page for you – That is Jarvis.
The video above tells all you need to know, and in the interests of authenticity, developer Sukeesh even retains his typos.
Brick your USB
In the best traditions of CIA-style up-close-and-personal human intelligence, some of the hacks pushed out in Wikileaks' latest press release depended on physical access: to make them work you needed to get at the USB port, for instance.
Robert Fisk has a contribution to the problem. While his “firewall for USB” won't help if you're being hit with a spanner, it could save you from a device that's got malware on it while it's still bubble-wrapped.
The project is called "USG" and is simple enough: a USB device plugs into and gets scanned for stuff like BadUSB. If you don't want to buy Fisk's hardware (NZ$80, US$60 or AU$74), there are DIY instructions for working with Olimex development boards.
As he notes in the technical discussion here, some of his functionality is still under active development.
As always, feel free to bring interesting repositories to our attention, be they useful, amusing or just plain evil.
You may also be interested in 2016 Cyber-Security Lessons
No comments:
Post a Comment