Gwern visits BAIR – Yuxi on the Wired
Gwern’s lunchtime visit to the Berkeley AI Research (BAIR).
Unexpected security footguns in Go's parsers
blog.trailofbits.comFile parsers in Go contain unexpected behaviors that can lead to serious security vulnerabilities. This post examines how JSON, XML, and YAML parsers in Go handle edge cases in ways that have repeatedly resulted in high-impact security issues in production systems. We explore three real-world attack scenarios: marshaling/unmarshaling unexpected data, exploiting parser differentials, and leveraging data format confusion. Through examples, we demonstrate how attackers can bypass authentication, circumvent authorization controls, and exfiltrate sensitive data by exploiting these parser behaviors.
Bookmarks
Design [Aresluna] The hardest working font in Manhattan [Matthew Ström] How to generate color palettes for design systems [Scott Smitelli] Et tu, Panera? ...