Application Security This Week for August 12

Interesting idea – introducing bugs to make software more difficult to attackers to navigate.  Seems risky to me; I would rather see self-reporting software.

https://arxiv.org/pdf/1808.00659.pdf

Cloudflare has a really really good writeup on TLS 1.3.

https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/

Questionably ethical hacker steals credentials from the Homebrew repo and makes a commit.

https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab

Viral tweet thread on the “voatz” software that WVa is planning on using for midterm elections. Vulnerabilityapalooza.

https://twitter.com/GossiTheDog/status/1026603800365330432

Portswigger posted a nice primer on cache poisoning.

https://portswigger.net/blog/practical-web-cache-poisoning