telemetry
2 posts
Article
DuckDB trusts persisted blocks attackers control
DuckDB runs in-process as a C++ library. Its immutability and checksum assumptions create a quiet memory-corruption surface that host EDR never sees.
Article
Heartbleed was a C bug, not a web bug
CVE-2014-0160 was an out-of-bounds read in OpenSSL's C code, not a JavaScript flaw. The real mechanism, the network-only telemetry gap, and what survived the patch.