PyPI’s Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark – ASW #313
Design lessons from PyPI's Quarantine capability, effective ways for appsec to approach phishing, why fishshell is moving to Rust component by component (and why that's a good thing!), what behaviors the Cyber Trust Mark might influence, and more!
Hosts
- 1. Project Quarantine – The Python Package Index Blog
Lessons in security by design from implementing defenses against malware on the PyPI repo.
- 2. Top 10 web hacking techniques of 2024: nominations open | PortSwigger Research
Nominations are about to close and voting to begin this week!
We covered a few from last year. Two of my favorites were HTTP parsing inconsistencies and PHP filter chains.
Looking back at the list from 2015, we haven't come too far from web timing, SSRF, XXE, and XSS -- just (thankfully!) a lot less Flash.
- 3. A Day in the Life of a Prolific Voice Phishing Crew – Krebs on Security
An appsec look at phishing, specifically at how product features can be abused. It's also a chance for us to talk about poor security awareness that's focused on jargon vs. helpful education that improves how people use and configure their devices and accounts.
- 4. Consumer products to get ‘Cyber Trust’ marks in 2025, White House says
- 1. Fish 4.0: The Fish Of Theseus
A year has gone by - and recently the Fish shell team released Fish 4.0 - the first release of the shell after porting it to Rust from C++. As this was on my list last year of things to keep tabs on, I was excited to find their blog post detailing the process, the hits and the misses.