author Paul Duncan <pabs@pablotron.org> 2022-06-08 18:05:05 -0400
committer Paul Duncan <pabs@pablotron.org> 2022-06-08 18:05:05 -0400
commit 6a08bb4c6d4dcc4da5f9a2ca7a5a35d84d218734
tree d20a50fbc68113318e32019700d5541b53fb1d0b
parent b7c6be69d5d1bef40ac0e4b469a3b51ef926c630
TODO.md: add ideas
-rw-r--r-- TODO.md 7
1 files changed, 7 insertions, 0 deletions
diff --git a/TODO.md b/TODO.md
index 8a29649..08e1022 100644
--- a/TODO.md
+++ b/TODO.md
@@ -73,6 +73,7 @@ this stuff may not make any sense.
https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/86714927310-8f431cae (not great technically)
https://www.usenix.org/publications/loginonline/web3-fraud
https://web3isgoinggreat.com/
+ https://www.schneier.com/blog/archives/2022/04/de-anonymizing-bitcoin.html
* syzkaller/syzbot:
https://www.youtube.com/watch?v=YwX4UyXnhz0
* bpf:
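Review bot: The added schneier.com link in this list carries no note on why it is kept, while the thecorrespondent.com entry above it has one ("(not great technically)"). A few words after the URL, for example that it covers Bitcoin de-anonymization as the slug suggests, would make the list easier to scan later.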
@@ -147,7 +148,13 @@ this stuff may not make any sense.
- organizational namespacing
- signing and/or global subdb
- declarative install
+ - typosquatting (see sqo vulns from may email)
+ - starsquatting (requests, phpass): https://medium.com/checkmarx-security/typosquatting-attack-on-requests-one-of-the-most-popular-python-packages-3b0a329a892d
- ref: https://kerkour.com/rust-crate-backdoor
+ - (related, semver is garbage)
+ <https://www.linode.com/blog/security/linode-security-digest-rubygems-and-rsyslogs-vulnerabilities/>
+ - (problems w/ go modules)
+* radare2, ghidra
## done
* add project folders
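Review bot: The "starsquatting (requests, phpass)" item links an article whose URL slug reads "typosquatting-attack-on-requests", so the label and its reference disagree; either move the link under the typosquatting item above it or add a short note saying which part of the article is about starsquatting. The typosquatting item's "see sqo vulns from may email" points at a mailbox that readers of TODO.md cannot open, so a link or a one-line summary of those findings would be more durable. "(problems w/ go modules)" has no reference at all, and the Linode link is wrapped in <...> while the other links in this hunk are bare, so pick one form. The new top-level "* radare2, ghidra" item has no sub-items and sits directly before "## done"; a line saying what the idea is would keep it from being read as part of the package-management list.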