Firdaus Safari

Vulnerabilities in Dependencies - A Lesson from 4Chan Case Study: The 4Chan Security Breach The Neglect 4Chan had not updated its project dependencies since 2009. The Vulnerability One specific dependency was publicly known to have multiple critical vulnerabilities: Ghostscript.  Ghostscript Vulnerability Reports (Snyk) Attack Vectors: Local File Inclusion (LFI): The system processed PDF files without verifying if the uploaded file was actually a PDF. Remote Code Execution (RCE): After a successful injection, attackers could run malicious scripts directly on the server. The Wake-Up Call This event serves as a modern reminder of the critical importance of keeping dependencies up to date. Dependencies Audit & Status These are some of the dependencies commonly used. mPDF (Fixed) Vulnerability: Deserialization of untrusted data (similar to the 4Chan/Ghostscript exploit). Risk: Affects all versions lower than 7.1.8. aws/aws-sdk-php (Fixed) Path Traversal Affects versions lower t...

Sebagai leader, jangan sesekali assume orang lain faham komunikasi kita. Kita boleh cakap pasal performance , tapi tak semua orang tahu context perbualan. Orang lain mungkin assume perbualan performance tu pasal kereta instead of application .  Bahaya salah komunikasi dengan teammates, boleh rosak project. Aku dah senarai ciri-ciri komunikasi yang berkesan di bawah: Jelasan Pastikan objektif tercapai. Gunakan konsep MRT (Measurable, Realistic, Timebound). Lengkap Gunakan formula 5W1H (Why, When, Where, Who, What, How). Contoh: "Tolong buat report tentang umur pengguna sistem A dari tarikh B ke C, dalam bentuk excel, submit by Isnin pukul 4. Data ni nak guna untuk marketing ke pengguna." Ringkas Jangan terlalu panjang; elakkan ayat berbunga. Straight to the point. Kukuh & Konkrit Berdasarkan bukti atau data yang spesifik (bukan general). Contoh Teruk: "Ramai kata sistem slow." Contoh Baik: "17 user dari Semenanjung dah komen yang sistem slow pada puku...