  • Microsoft finds TikTok vulnerability that allowed one-click account compromises / ArsTechnica · Thursday, 1 September - 00:15


Microsoft said on Wednesday that it recently identified a vulnerability in TikTok's Android app that could allow attackers to hijack accounts when users did nothing more than click on a single errant link. The software maker said it notified TikTok of the vulnerability in February and that the China-based social media company has since fixed the flaw, which is tracked as CVE-2022-28799.

The vulnerability resided in how the app verified what's known as deeplinks, which are Android-specific hyperlinks for accessing individual components within a mobile app. Deeplinks must be declared in an app's manifest for use outside of the app so, for example, someone who clicks on a TikTok link in a browser has the content automatically opened in the TikTok app.

An app can also cryptographically declare the validity of a URL domain. TikTok on Android, for instance, declares the domain Normally, the TikTok app will allow content from to be loaded into its WebView component but forbid WebView from loading content from other domains.


  • Laravel Jetstream and OpenLDAP / warlord0blog · Saturday, 21 May - 12:53

It’s been a very long time since I did anything with Laravel. I found another job around the time of Laravel 6, and today they are up to Laravel 9 – much has changed. I was keen to look at using Laravel with LDAP both for authentication and management. Building the App First, I had …

Tags: #Laravel, #php, #tailwindcss, #JavaScript, #Linux, #LdapRecord, #Web

  • Deno 1.21 improves REPL, error handling / infoworldcom · Thursday, 28 April - 19:17

Deno 1.21 has been released. This latest upgrade to the JavaScript/TypeScript runtime features improvements to the REPL (read-evaluate-print loop) and a move away from default type-checking.

The Deno REPL is a tool for prototyping and trying out new things. With Deno 1.21, an --eval-file flag can be used with the deno repl subcommand. This flag allows for passing of a list of paths or URLs to files that will be executed before the REPL starts and is useful for building custom, specialized REPLs. Also, type checking has been disabled for imported modules in the REPL, leading to faster imports. And the REPL now has a global clear() function that acts as an alias for console.clear. This aligns with what is found in REPLs in many browsers, Deno’s developers said.


Tags: #JavaScript, #Node.js, #Rozne

  • The JavaScript language features roundup / infoworldcom · Thursday, 28 April - 10:00

The JavaScript language specification, also known as ECMAScript or ES, is a living document, modified every year in response to evolving needs. While JavaScript started as a scripting language, the ECMAScript specification overview notes that the language “is now used for the full spectrum of programming tasks in many different environments and scales.” Because of this, JavaScript is better understood as a fully featured general-purpose programming language.

With the upcoming ECMAScript 2022 release just around the corner, let's take a look at the new JavaScript language features introduced in ECMAScript 2021.


The replaceAll() method takes a string or regular expression, called the pattern, as its first argument. The second argument is the pattern's replacement. Given the first and second argument, replaceAll() returns a new string that will be the source string with all instances of the pattern swapped for the replacement. The source string is not affected.


Tags: #Rozne, #JavaScript

  • Go serverless with Vercel, SvelteKit, and MongoDB / infoworldcom · Thursday, 21 April - 10:00

The cloud continues to evolve toward higher orders of abstraction. Automated deployment and hosting platforms, front-end frameworks, and back-end databases are increasingly powerful and sophisticated, and integrating them is easier than ever. This article shows you how to integrate Vercel, SvelteKit, and MongoDB for full-stack serverless development. Each of these technologies leads in its own domain. By using them together, developers can achieve impressive capabilities with a modest amount of work.


Tags: #Rozne, #JavaScript

  • Sabotage: Code added to popular NPM package wiped files in Russia and Belarus / ArsTechnica · Friday, 18 March, 2022 - 18:31


The developer of a popular open source package has been caught adding malicious code to that package, which wiped files from computers located in Russia and Belarus, in a protest that has enraged many users and raised concerns about the safety of free and open source software.

The application, node.ipc, adds remote Inter Process Communication and neural networking capabilities to other open source code libraries. As a dependency, node.js is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads.

A deliberate and dangerous act

Two weeks ago, the node.ipc author pushed a new version of the library that sabotaged computers located in Russia and Belarus, the countries invading Ukraine and providing support for the invasion, respectively. The new release added a function that checked the IP address of developers who used node.ipc in their own projects. When an IP address geolocated to either Russia or Belarus, the new version wiped files from the machine and replaced them with a heart emoji.


  • Deno gets faster Rust calls / infoworldcom · Friday, 18 March, 2022 - 10:00

Faster calls into Rust are highlighted in the latest version of the Deno secure JavaScript/TypeScript runtime, improving performance.

The Rust enhancement pertains to communication between the Google V8 JavaScript engine leveraged by Deno and the rest of the runtime, which was written in the Rust language. With Deno 1.20, announced March 17, proponents have optimized the communication layer to be as much as 60% quicker, leveraging Rust procedural macros to generate optimized bindings for V8 from existing Rust code. The macro optimizes away deserialization of unused arguments, speeds up metric collection, and provides a base for future integration with the V8 Fast API to further boost performance between JavaScript and Rust.


Tags: #Rust, #JavaScript, #Rozne

  • Vercel CEO: Deployment should be instantaneous / infoworldcom · Thursday, 17 March, 2022 - 10:00

Guillermo Rauch is the CEO and founder of Vercel, a cloud infrastructure company that offers advanced deployment capabilities for front-end JavaScript, edge, and serverless functions. Vercel is a kind of new layer on top of cloud platforms that automates a lot of the application deployment work that used to be done by hand (most of which fell under the “devops” heading).

Rauch is a longtime contributor to open source JavaScript, having also created MooTools and Mongoose. I got a chance to talk to him about some of the ground Vercel is breaking, including simplifying infrastructure and streamlining workflows for developers. Rauch also shared his insights into running a successful startup and how to approach funding.


Tags: #JavaScript, #Rozne