This Week In Security: Npm Timing Leak, Siemens Universal Key, And PHP In PNG
First up is some clever wizardry from the [Aqua Nautilus] research team, who discovered a timing attack that leaks information about private npm packages. The setup is this, npm hosts both public a…