On Dec 17, 2015, at 8:22 AM, Andromeda Yelton <[log in to unmask]> wrote:
> I strongly recommend this hilarious, terrifying PyCon talk about
> vulnerabilities in yaml, xml, and json processing:
>
> https://www.youtube.com/watch?v=kjZHjvrAS74
>
> If you process user-submitted data in these formats and don't yet know why
> you should be flatly terrified, please watch this ASAP; it's illuminating.
> If you *do* know why you should be terrified, watch it anyway and giggle
> along in knowing recognition, because the talk is really very funny.
Obviously, the sorts of things outlined in the presentation above are real, and they are really scary. Us developers need to take note: getting input from the ‘Net can be a really bad thing. —Eric Lease Morgan
|