What is the term for data leaking from one HTTP request to another and how to prevent it?


Context

We recently added a feature that used a library whose API we misunderstood. Long story short, if user A sends a request to our web application, the library caches some result, and that result may show up in a response to user B’s request. Needless to say, this is a security bug: specifically, data from user A leaks to user B.

Although it is well known that web applications should be stateless, the long dependency graph of such applications makes the likelihood of some downstream library (or its bad usage) accidentally leaking data between requests non-zero. I can imagine this bug is possible with a wide range of web frameworks and environments (e.g., Django, .NET, NodeJS, AWS Lambda), since they all reuse the application between requests to avoid cold starts.

Questions

  1. What is the proper term for data leaking server-side between HTTP requests, due to an honest developer mistake? Terms such as session hijacking and session fixation seem to refer exclusively to malicious attacks.

  2. Are there tools and methods to test for such mistakes or detect them in production?
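One way to test for this class of bug, as an added illustration that is not part of the original question: a constructed stand-in for a library that memoises on a process-wide cache (the misuse described above) beside a request-scoped version, and a check that pushes interleaved requests for distinct users through the same process and flags any response carrying another user's data. All names here are hypothetical.

```python
from concurrent.futures import ThreadPoolExecutor

# Constructed stand-in for a downstream library that caches at module level,
# i.e. process-wide, so the cached value outlives the request that created it.
_shared_cache = {}

def leaky_lookup(user):
    # The cache key ignores the user: the first caller's result is
    # handed to every later caller, whoever they are.
    if "profile" not in _shared_cache:
        _shared_cache["profile"] = f"profile-of-{user}"
    return _shared_cache["profile"]

def safe_lookup(user, cache):
    # Hardened version: the cache is owned by the request and keyed by user.
    return cache.setdefault(user, f"profile-of-{user}")

def handle_request_leaky(user):
    return {"user": user, "body": leaky_lookup(user)}

def handle_request_safe(user):
    request_scoped_cache = {}  # fresh object per request, discarded afterwards
    return {"user": user, "body": safe_lookup(user, request_scoped_cache)}

def find_cross_request_leaks(handler, users, rounds=3):
    """Send interleaved requests for distinct users through one process and
    report responses whose body is not the requesting user's own data.
    Each user name doubles as a canary: seeing it in someone else's
    response is the leak. Returns a list of (requesting_user, body)."""
    leaks = []
    with ThreadPoolExecutor(max_workers=len(users)) as pool:
        for _ in range(rounds):
            for resp in pool.map(handler, users):
                if resp["body"] != f"profile-of-{resp['user']}":
                    leaks.append((resp["user"], resp["body"]))
    return leaks

if __name__ == "__main__":
    print("leaky:", find_cross_request_leaks(handle_request_leaky, ["alice", "bob"]))
    print("safe: ", find_cross_request_leaks(handle_request_safe, ["alice", "bob"]))
```

The same canary idea works against a real deployment: give each test user a unique marker in its data, drive concurrent requests, and grep every response for markers that do not belong to the requester.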

Use Custom Post Type archive page for the taxonomies term archive page

In my WordPress theme I created a new custom post type ‘books’ with 2 taxonomies (‘series’, ‘genres’). When I visit the archive of the CPT ‘books’ (site.com/books), I list all the books.

I added a custom frontend filter to get, in this archive page, books by taxonomy terms by passing an argument to the URL with the name of the taxonomy and the term (like this: site.com/books/?genres=action). Like a book browser.

But WordPress is by default creating the link for my taxonomies like this (site.com/genres/action/) and I want it to be "redirected" to the books post type with the taxonomy argument (site.com/books/?genres=action).

Is it possible to achieve that? Thank you

What’s the term for a hash sent early and plain text revealed later?

I think there is a known pattern where you post the hash of a document, e.g. on Twitter, in order to have its time registered. You could then later publish the document and have it accredited for the time of the hash.

I’m sure someone gave this procedure a name. What is that name?

I found trusted timestamping, but that is a thing for digital certificates, which do not come into play here.

Generalization of The Term “Insider Threat”

A definition of an Insider Threat in enterprises/organizations context is: "A current or former employee or business associate who has access to sensitive information or privileged accounts within the network of an organization, and who misuses this access."

I would like to know if such a threat can be generalized in a broader context so I can say that: "An Insider Threat refers to any user or entity that misuses the delegated access by taking the privilege that it is already authenticated and authorized to the system. The misuse of delegated access can be unintentional such as program flaws and failure, or intentional such as user account compromise."

Is my generalization of the term "Insider Threat" correct?

If it is not, what term is used to designate the type of threat that I defined in my generalization (2nd paragraph)?

[Politics] Open Question: Why would anyone vote to give Trump another term when things have gotten so much worse under him already in less than four years?

Just look at the state of the country today: Massive protests in the streets. 40 million+ people out of work. 100,000+ people dead from coronavirus. Racial relations badly strained.

Why is the term “nation state” used to refer to a government-sponsored effort in infosec, and is it accurate?

I work in infosec and as such, have read many whitepapers and been to many conference talks. I hear all the time, especially in conversation and literature about malware, the term “nation state” used to refer to a government entity or government-sponsored activity. The term “state actor” is also used.

My question is, why? According to Wikipedia:

A nation state is a state in which a great majority shares the same culture and is conscious of it. The nation state is an ideal in which cultural boundaries match up with political boundaries. According to one definition, “a nation state is a sovereign state of which most of its subjects are united also by factors which defined a nation such as language or common descent.” It is a more precise concept than “country”, since a country does not need to have a predominant ethnic group.

According to Merriam-Webster, the definition is:

a form of political organization under which a relatively homogeneous people inhabits a sovereign state

Is there some inherent need for the government sponsor to be primarily of one ethnic background in infosec literature? I just don’t understand why this term in particular is so frequently used, when there are many forms of states, such as a federated state, multinational state, or even more general terms such as “government” or “country,” all of whom would likely be capable of and do participate in infosec activities.

Display list of posts from taxonomy term, but display the latest post featured image

I’m trying to do a page where all posts from a custom post type list, divided by their taxonomy terms and having a big photo on top of the list (latest featured image from said term). Right now I have the following code, but it displays the wrong images (each term should show latest post’s featured image, and I’m not even sure why the images are just random, even in the wrong term):

<section id="" class="">
<?php
$tax = 'technology-category';
$terms = get_terms( array(
    'taxonomy'   => $tax,
    'orderby'    => 'ID',
    'order'      => 'ASC',
    'hide_empty' => 0,
) );

// Loop through each taxonomy term.
foreach ( $terms as $term ) {
    // Query arguments for this term's posts, newest first.
    // tax_query replaces the old 'taxonomy'/'term' query vars.
    $args = array(
        'post_type' => 'technology', // or another custom post type
        'order'     => 'DESC',
        'orderby'   => 'date',
        'tax_query' => array( array(
            'taxonomy' => $tax,
            'field'    => 'slug',
            'terms'    => $term->slug,
        ) ),
    );
    $query = new WP_Query( $args );
    $posts = $query->posts;
    ?>
    <div class="container-fluid tech-cat-item py-5">
    <div class="container">
    <div class="row align-items-center pb-3">
        <div class="col-1">
            <img class="img-fluid" src="<?php echo esc_url( z_taxonomy_image_url( $term->term_id ) ); ?>">
        </div>
        <div class="col-11"><h3><?php echo esc_html( $term->name ); ?></h3></div>
    </div>
    <?php
    // Second query: only the latest post of this term, for its featured image.
    $ga_url   = '';
    $ga_item  = array_merge( $args, array( 'posts_per_page' => 1 ) );
    $ga_query = new WP_Query( $ga_item );
    if ( $ga_query->have_posts() ) {
        while ( $ga_query->have_posts() ) {
            $ga_query->the_post();
            // Use the ID set up by the_post(), not a stale $post left over from an earlier loop.
            $ga_url = get_the_post_thumbnail_url( get_the_ID(), 'full' );
            ?>
            <div class="row ga-panel py-5">
                <div class="col-12"><img class="img-fluid ga-img" src="<?php echo esc_url( $ga_url ); ?>"></div>
            </div>
            <?php
        }
    }
    wp_reset_postdata(); // restore the global $post after the secondary WP_Query
    ?>
    <div class="row">
        <?php
        if ( $posts ) {
            foreach ( $posts as $p ) { ?>
                <div class="col-4 ga-links">
                    <a href="<?php echo esc_url( get_permalink( $p->ID ) ); ?>" data-swap="<?php echo esc_url( $ga_url ); ?>"><?php echo esc_html( $p->post_title ); ?></a>
                </div>
            <?php }
        }
        ?>
    </div>
    </div>
    </div>
    <?php
}
?>
</section>

Advantage of saving term translations with polylang?

Ok, so I’m trying to automate the generation of posts and custom taxonomies in different languages, and it’s all working.

What I did (summary):

  • create posts with wp_insert_post()
  • set language of posts with pll_set_post_language(), for each
  • associate respective post translations with pll_save_post_translations()
  • create taxonomy terms with wp_insert_term()
  • set language of terms with pll_set_term_language(), for each
  • Associate custom taxonomy terms to custom post types with wp_set_object_terms(), for each

I completely see the use of these six functions.

Now, what I wonder is: What would be the advantage of additionally associating taxonomy term translations with pll_save_term_translations()? Given that, when you switch the website’s language, the posts will be displayed in the according language, with this also comes the switch of their taxonomy terms to the corresponding language, simply because it’s another post. So, in this case, what’s the benefit of using pll_save_term_translations()? I only see benefits in associating translated taxonomy terms with each other if you want to display their name separately and independently from other WordPress objects which carry them language-specifically, such as posts. Is that the sense of it, or am I missing something, and pll_save_term_translations() is indeed mandatory for what I want to do? (Which is to programmatically prepare posts and their taxonomies, such that a post always gets displayed with its taxonomy terms in the right language, which is currently chosen by the language switcher.)

What is the origin of the term ‘quantum ogre’?

As I understand it, a ‘quantum ogre’ is a piece of game content that the party will be unable to avoid encountering. It’s a way of saving on prep time for the game master but that subtly removes player agency.

For example: when the party comes to a fork in the road, will they go left or right? This provides the players with the illusion that there is a meaningful choice to be made. However, the reality is that, whichever direction the party chooses the game master will decide that the ogre is (and has effectively always been) lying in wait on that path.

How long has the term ‘quantum ogre’ been in use and from where did it originate?