deploy: c8738c5

en/sitemap.xml

@@ -1 +1 @@
-<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://appsec.space/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/"/></url><url><loc>https://appsec.space/tags/backdoor/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/cve-2024-3094/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/liblzma/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/"/></url><url><loc>https://appsec.space/tags/security-engineering/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/supply-chain/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/"/></url><url><loc>https://appsec.space/posts/xz-backdoor/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/xz/</loc><lastmod>2024-03-31T08:19:06+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/categories/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/categories/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/categories/"/></url><url><loc>https://appsec.space/categories/general-knowledge/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/categories/general-knowledge/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/categories/general-knowledge/"/></url><url><loc>https://appsec.space/tags/infosec/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/infosec/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/infosec/"/></url><url><loc>https://appsec.space/tags/rants/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/rants/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/rants/"/></url><url><loc>https://appsec.space/tags/security-theatre/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/security-theatre/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/security-theatre/"/></url><url><loc>https://appsec.space/posts/security-theatre/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/security-theatre/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/security-theatre/"/></url><url><loc>https://appsec.space/categories/blog-news/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/long-time-no-see/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/long-time-no-see/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/long-time-no-see/"/></url><url><loc>https://appsec.space/tags/updates/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/updates/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/updates/"/></url><url><loc>https://appsec.space/tags/ai/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/code-review/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/mycroft-ai-rce/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/vocal-assistant/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/categories/vulnerability-research/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/writeup/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/about/</loc><lastmod>2023-03-21T22:11:59+01:00</lastmod><changefreq>weekly</changefreq><priority>0.5</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/about/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/about/"/></url></urlset>
+<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>https://appsec.space/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/"/></url><url><loc>https://appsec.space/tags/backdoor/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/cve-2024-3094/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/liblzma/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/"/></url><url><loc>https://appsec.space/tags/security-engineering/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/supply-chain/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/"/></url><url><loc>https://appsec.space/posts/xz-backdoor/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/xz/</loc><lastmod>2024-03-31T08:30:01+02:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/categories/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/categories/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/categories/"/></url><url><loc>https://appsec.space/categories/general-knowledge/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/categories/general-knowledge/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/categories/general-knowledge/"/></url><url><loc>https://appsec.space/tags/infosec/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/infosec/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/infosec/"/></url><url><loc>https://appsec.space/tags/rants/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/rants/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/rants/"/></url><url><loc>https://appsec.space/tags/security-theatre/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/security-theatre/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/security-theatre/"/></url><url><loc>https://appsec.space/posts/security-theatre/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/security-theatre/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/security-theatre/"/></url><url><loc>https://appsec.space/categories/blog-news/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/long-time-no-see/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/posts/long-time-no-see/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/posts/long-time-no-see/"/></url><url><loc>https://appsec.space/tags/updates/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/tags/updates/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/tags/updates/"/></url><url><loc>https://appsec.space/tags/ai/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/code-review/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/posts/mycroft-ai-rce/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/vocal-assistant/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/categories/vulnerability-research/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/tags/writeup/</loc><lastmod>2024-03-30T22:00:02+01:00</lastmod><changefreq>weekly</changefreq><priority>1</priority></url><url><loc>https://appsec.space/about/</loc><lastmod>2023-03-21T22:11:59+01:00</lastmod><changefreq>weekly</changefreq><priority>0.5</priority><xhtml:link rel="alternate" hreflang="it" href="https://appsec.space/it/about/"/><xhtml:link rel="alternate" hreflang="en" href="https://appsec.space/about/"/></url></urlset>

index.xml

@@ -23,7 +23,7 @@ As soon as I will find a complete analysis on that matter I will link it.</p>
         </div>
     </div>
 <ul>
-<li><strong>Apr 2022</strong>:
+<li><strong>2023</strong>:
 <ul>
 <li>A new maintainer shows up in the <code>xz</code> project.</li>
 </ul>
@@ -140,6 +140,8 @@ And also are less likely to be completely abandoned.</p>
     <a href="#resources" class="header-mark"></a>5 Resources</h2><ul>
 <li>OSS-Security List: <a href="https://www.openwall.com/lists/oss-security/2024/03/29/4" target="_blank" rel="noopener noreferrer">https://www.openwall.com/lists/oss-security/2024/03/29/4</a></li>
 <li>Comprehensive timeline: <a href="https://boehs.org/node/everything-i-know-about-the-xz-backdoor" target="_blank" rel="noopener noreferrer">https://boehs.org/node/everything-i-know-about-the-xz-backdoor</a></li>
+<li>Compromise link roundup: <a href="https://shellsharks.com/xz-compromise-link-roundup#title" target="_blank" rel="noopener noreferrer">https://shellsharks.com/xz-compromise-link-roundup#title</a></li>
+<li>Obfuscatio Analysis: <a href="https://gynvael.coldwind.pl/?lang=en&amp;id=782" target="_blank" rel="noopener noreferrer">https://gynvael.coldwind.pl/?lang=en&id=782</a></li>
 </ul>]]></description></item><item><title>Security Theatre? More like Security Circus</title><link>https://appsec.space/posts/security-theatre/</link><pubDate>Mon, 13 Feb 2023 20:20:00 +0100</pubDate><author><name>himazawa</name></author><guid>https://appsec.space/posts/security-theatre/</guid><description><![CDATA[<div class="featured-image">
                 <img src="/posts/security-theatre/cargocult.jpg" referrerpolicy="no-referrer">
             </div><p>I have seen many companies invest significant time and resources into security measures that have little to no actual effect on security. This is commonly referred to as &ldquo;security theater&rdquo;.</p>

posts/index.xml

@@ -23,7 +23,7 @@ As soon as I will find a complete analysis on that matter I will link it.</p>
         </div>
     </div>
 <ul>
-<li><strong>Apr 2022</strong>:
+<li><strong>2023</strong>:
 <ul>
 <li>A new maintainer shows up in the <code>xz</code> project.</li>
 </ul>
@@ -140,6 +140,8 @@ And also are less likely to be completely abandoned.</p>
     <a href="#resources" class="header-mark"></a>5 Resources</h2><ul>
 <li>OSS-Security List: <a href="https://www.openwall.com/lists/oss-security/2024/03/29/4" target="_blank" rel="noopener noreferrer">https://www.openwall.com/lists/oss-security/2024/03/29/4</a></li>
 <li>Comprehensive timeline: <a href="https://boehs.org/node/everything-i-know-about-the-xz-backdoor" target="_blank" rel="noopener noreferrer">https://boehs.org/node/everything-i-know-about-the-xz-backdoor</a></li>
+<li>Compromise link roundup: <a href="https://shellsharks.com/xz-compromise-link-roundup#title" target="_blank" rel="noopener noreferrer">https://shellsharks.com/xz-compromise-link-roundup#title</a></li>
+<li>Obfuscatio Analysis: <a href="https://gynvael.coldwind.pl/?lang=en&amp;id=782" target="_blank" rel="noopener noreferrer">https://gynvael.coldwind.pl/?lang=en&id=782</a></li>
 </ul>]]></description></item><item><title>Getting "Zero Click" Remote Code Execution in Mycroft AI vocal assistant</title><link>https://appsec.space/posts/mycroft-ai-rce/</link><pubDate>Sun, 10 Jun 2018 20:59:09 +0200</pubDate><author><name>himazawa</name></author><guid>https://appsec.space/posts/mycroft-ai-rce/</guid><description><![CDATA[<div class="featured-image">
                 <img src="/posts/mycroft-ai-rce/mycroft.png" referrerpolicy="no-referrer">
             </div><h2 id="introduction" class="headerLink">