ioc.exchange is one of the many independent Mastodon servers you can use to participate in the fediverse.
INDICATORS OF COMPROMISE (IOC) InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

#rust

320 posts, 261 participants, 38 posts today

Curated Hacker News

Rust in Android: move fast and fix things

https://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

#android #rust #security

Zack Weinberg

I feel like a whole bunch of #rust's syntactic awkwardnesses would have been avoided if it had originally been designed with Lisp-1 rather than Lisp-several namespace rules.

OTX Bot

New Phishing Campaign Uses Email Spoofing to Steal Login Credentials

Spoofs email delivery notices to mimic legitimate internal spam-filter alerts exploiting trust in an organization’s security systems.

Pulse ID: 691629b38b076dcba9b71498
Pulse Link: https://otx.alienvault.com/pulse/691629b38b076dcba9b71498
Pulse Author: cryptocti
Created: 2025-11-13 18:55:47

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Email #InfoSec #Mimic #OTX #OpenThreatExchange #Phishing #Rust #Spam #bot #cryptocti

nullagent

I've coded in C / C++ / Java / Python / JS and anything else needed to get the job done.

I have never heard any group of devs so quickly dismiss security concerns about their ecosystem as rapidly as Rust devs.

YES the language IS type safe and that's a big value add.

But that value add can quickly be cancelled out without significant attention to detail.

The EXACT same attention to detail I code with in C / C++ / Java / Python / JS etc.

This time, is not different.

#Rust

Continued thread

So what were my cautions about Rust?

1. Be careful re-writing old stuff. You will repeat all the 30yr old logic bugs bc Rust is memory safe NOT provably correct.

2. Ppl-power. Lots of rewrites IS dividing our ppl-power. Be mindful of unmaintained core components

3. Vibe coded Rust is just as dangerous as any other language

4. Rust still can be used in memory unsafe ways. You actually have to audit the code to know if they did Rust right.

Was just going on a grey-beard rant about how Rust gives developers a false sense of security.

I didn't even notice the TARMageddon vulnerability until now and well this grey beard really only can say "told you so".

This is -precisely- the class of bugs I was describing, and -exactly- due to the reasons I outlined.

The blast radius of this thing is also freaking epic, almost anything that used tar in Rust is vulnerable to possible RCEs lmao.

edera.dev/stories/tarmageddon

Edera: TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware
Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.

"Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn’t just fixing things, but helping us move faster."

Google: Rust in Android: move fast and fix things security.googleblog.com/2025/1 #Google #Rust #Android

@mttaggart

Google Online Security Blog: Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in ...

Think. Update. Automate — PostgreSQL with Rust (Part 2) 💡 What if your database could think for itself? In Level 3 – Part 2 of PostgreSQL with Rust, the database is no longer passive — it ...

#rust #postgres #triggers #techn0tz

DEV Community: Think. Update. Automate — PostgreSQL with Rust (Part 2)
In Level 3 – Part 2 of PostgreSQL with Rust, the Teacher Assistant App database now reacts instantly through automation and triggers.