04 February 2020
Show Notes
27 - Ok Google, sudo ./hacktheplanet

00:00:30 Charges Dismissed Against Coalfire Employees
00:06:28 Avast to Commence Wind Down of Subsidiary Jumpshot
00:21:49 Say hello to OpenSK: a fully open-source security key implementation
00:28:04 Kraken Identifies Critical Flaw in Trezor Hardware Wallets
00:33:34 Zoom-Zoom: We Are Watching You
00:38:47 TeamViewer using encrypted passwords
00:47:22 Buffer overflow [in sudo] when pwfeedback is set in sudoers (CVE-2019-18634)
  Additional Links:
  https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078
  https://github.com/sudo-project/sudo/blob/0fcb6471609969b5911db0b2917ced16c913676f/src/tgetpass.c#L413
01:01:02 Opkg susceptible to MITM (CVE-2020-7982)
  Additional Links:
  https://git.openwrt.org/?p=project/opkg-lede.git;a=commitdiff;h=54cc7e3bd1f79569022aa9fc3d0e748c81e3bcd8
01:06:57 LPE and RCE in OpenSMTPD (CVE-2020-7247)
01:13:52 PHP 7.0-7.4 disable_functions bypass 0day PoC
  Additional Links:
  https://github.com/mm0r1/exploits/blob/master/php7-backtrace-bypass/exploit.php
01:28:32 Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
  Additional Links:
  https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/
01:40:01 OK Google: bypass the authentication!