Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin

Hi, do you believe me when I say we need ocap security yet


@cwebber You definitely make me think I should read up on ocap.

@liw Here's a good start:

Imagine if instead of (solitaire) running with your full authority, you passed in the authority you need, e.g. (solitaire get-input write-to-screen read-write-score-file)

Instead of solitaire being able to exfiltrate your private keys and cryptolocker your data, now solitaire doesn't even have network and general file access (only to the one file), you simply didn't pass access to it.

Lambda is your new security model now.
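The capability-passing pattern sketched above, as an added Ruby example that is not code from the thread: `solitaire` never names a file, socket or directory; it only gets closures for input, output and one score file, and a weaker read-only capability is derived from the read-write one. The helper names (`make_file_cap`, `read_only`, `demo`) and the temp-file stand-in for the score file are my own choices.

```ruby
require "tempfile"

# Capability to exactly one file: a pair of closures. Holding this object
# grants access to that path and nothing else; the path itself is never
# handed to the callee, so it cannot be widened to a directory or another file.
def make_file_cap(path)
  {
    read:  -> { File.exist?(path) ? File.read(path) : "" },
    write: ->(data) { File.write(path, data) },
  }
end

# Attenuation: derive a strictly weaker capability (read only) from a
# stronger one by simply not passing the :write closure along.
def read_only(cap)
  { read: cap[:read] }
end

# The "solitaire" from the thread. Its whole authority is its argument list:
# it can read a number, print a line and touch the one score file, nothing more.
def solitaire(get_input, write_to_screen, score_file)
  previous = score_file[:read].call.to_i
  score = previous + get_input.call
  write_to_screen.call("score: #{score}")
  score_file[:write].call(score.to_s)
  score
end

# Constructed demo: a Tempfile stands in for the real score file and an
# array stands in for the screen, so the example runs offline.
def demo
  tmp = Tempfile.new("scores")
  cap = make_file_cap(tmp.path)
  screen = []
  solitaire(-> { 7 }, ->(line) { screen << line }, cap)
  total = solitaire(-> { 5 }, ->(line) { screen << line }, cap)
  ro = read_only(cap)
  { total: total, screen: screen, file: cap[:read].call,
    ro_can_write: ro.key?(:write) }
ensure
  tmp&.close!
end
```

Ruby still has ambient authority (any code can call `File.write` on any path), so here the pattern is a discipline; in a real ocap language the callee could not reach `File` at all and the argument list would be the enforced boundary.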

@cwebber Thanks, saved to my already long list of important things to read. At least that's not a 600-page textbook on software architecture.

@phoe @cwebber @liw pledge is kind of a self-imposed ocap, but that helps too.