Building pymssql (FreeTDS) for Lambda

As I discussed in a previous post, connecting to MSSQL with Python in Lambda can be tricky. While I had solved this earlier with pyodbc, using pymssql / FreeTDS is another option and I wanted to similarly share the build process for creating its respective Lambda layer. Here’s the multi-stage Dockerfile: FROM public.ecr.aws/lambda/python:3.9 as …

Event-Driven Access to My Home After a Run

I always run with my phone on me, so accessing my home afterward has been convenient since installing MyQ Wi-Fi connected garage doors several years ago. No need to remember to carry a separate house key anymore and getting into my house is (usually) an app launch away. It has worked great, until one day …

Mystery Timeouts with MS Graph API Webhook Subscriptions and AWS API Gateway

Microsoft Graph API supports a Subscription Resource type that manages their webhook implementation for delivering change notifications to clients. Subscriptions are enabled for several resources, including Outlook messages — this was a perfect fit for my need to manage incoming messages to a shared inbox in O365. At a high level, an implementation looks like this: …

A Closer Look at Recent HTTP/2 Vulnerabilities Affecting K8s and Other Implementations

A couple of weeks ago, Netflix disclosed a number of resource exhaustion vulnerabilities (identified by Jonathan Looney) present in many third party HTTP/2 implementations. Notably, this directly affected h2 endpoints in Kubernetes (GoLang libraries net/http, x/net/http2) as well as other projects like nginx. Yes, it even has a logo. Though DoS weaknesses usually aren’t particularly …

Compromising OpenDrive’s Cloud Storage Accounts – Or How Not to Design Session Management

While recently comparing cloud storage solutions, I was surprised to learn there are still companies offering unlimited storage plans. OpenDrive is one such company — not to be confused with the OpenDRIVE format specification — offering unlimited options for personal, business, and enterprise customers. In addition to traditional cloud storage, they also offer backup and content …

Persistent XSS in PNC’s Secure Email System

PNC is a large financial services company with operations in both consumer and corporate sectors, predominantly located in the eastern and central United States. While making some account changes with them a few months ago, I had to exchange numerous sensitive documents with various employees within the organization. While most of the process was pretty …