14 January 2020

Show Notes 24 - SHA-mbles, Shitrix, Responsible Disclosure, and wtf is TikTok doing.

00:00:35 SHA-1 is a Shambles
    Additional Links:
    https://www.youtube.com/watch?v=Gh6p7Y74m9A

00:14:50 Government-funded phones come pre-installed with unremovable malware

00:22:09 Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 — Mozilla

00:27:02 CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
    Additional Links:
    https://github.com/projectzeroindia/CVE-2019-19781
    https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/
    https://twitter.com/GossiTheDog/status/1215785949709459456

00:38:20 Project Zero: Policy and Disclosure: 2020 Edition
    Additional Links:
    https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html

00:52:07 Privileged Access Never (PAN) - Another day, another broken mitigation.

00:57:43 Tik or Tok? Is TikTok secure enough?

01:18:33 Fortinet FortiSIEM Hardcoded SSH Key

01:22:58 Project Zero: Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

01:32:00 WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning

01:36:00 QSOR: Quantum-Safe Onion Routing

01:45:09 Browser Games Aren't an Easy Target

01:46:31 Reverse engineering RNG in a GBA game
    Additional Links:
    https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use