Broadcasts.com - "PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking" (Day[0])

Published: Feb. 23, 2021, 11 p.m.

A couple privacy violations, PDF exploits, and a complicated API being misused by developers.

\n[00:00:48] Brave browser leaks onion addresses in DNS traffic
\n

\n[00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers
\n

https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent-tracking-in-modern-browsers/

\n[00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs
\n

https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/

\n[00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag
\n

https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag

\n[00:32:42] Middleware everywhere and lots of misconfigurations to fix
\n

https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

\n[00:43:05] GPGme used confusion, it's super effective !
\n

https://www.synacktiv.com/en/publications/gpgme-used-confusion-its-super-effective.html

\n[00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions
\n

\n[01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface
\n

https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/

\n[01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits
\n

\n[01:20:27] Model Skewing Attacks on Machine Learning Models
\n

https://payatu.com/blog/nikhilj/sec4ml-machine-learning-model-skewing-data-poisoning

\n[01:21:37] Future of Exploit Development - 2021 and Beyond
\n

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)