The Weekly Accountability 6

Security

News

• A path traversal vulnerability has been identified in the Arcadyan firmware which is used by millions of routers from popular ISPs and manufacturers worldwide. It is tracked as CVE-2021-20090. Source
• Multiple vulnerabilities which allow an unauthenticated users to gain control of the systems via the Internet and steal the credentials of the users were found in Swisslog Healthcare’s pneumatic tube system which is used by thousands of hospitals worldwide. Source

Write Ups

• The author shares an analysis of Keepa, an Amazon price tracker. It’s an interesting read and made me uninstall the extension. Source
• An analysis of Steam’s login method which uses a RSA key encryption on top of HTTPS. Source
• An interview with BlackMatter: A new ransomware group that’s learning from the mistakes of DarkSide and REvil. Source
• A funny and realistic take on how security in real world is different from all the movies and TV shows. Source

Engineering

Write Ups

• Philip Zimmerman’s reasoning behind writing PGP. Source
• Zerodha’s CTO shares lessons learned from scaling Zerodha. For context, they were handling 2+ million trades in January 2020, it grew to 7+ million in April 2020 and it is 12+ million now. Source
• MDN’s write up on how their docs autocomplete works with implementation details. Source
• An interview with Tam Adams, the single developer of Dwarf Fortress, a popular game about his experiences from creating a complex system from scratch and, developing and maintaining a large codebase as a single person. Source
• Microsoft’s blog on spotting brand impersonation using Siamese Neural Networks. Source
• A primer on interesting mathematical functions and their use cases in system design. Source

Tools

• Systemizer - A tool for representing system design
• A (very confusing) Distributed Consensus Visualiser
• DataHen Till is a standalone tool that makes your existing web scraper scalable, maintainable, and more unblockable, with minimal code changes on your scraper
• Growthbook: The Open Source A/B Testing Platform

Technology

News

• SenpAI is a new company that aims to help gamers get better by providing real time inputs, feedback and a lot of game information and suggestions. Source
• Apple is releasing a new tool to scan images that are uploaded to iCloud for Child Sexual Abuse Material before being uploaded. It has faced extreme opposition from security and privacy experts. Source