10 March 2020

Show Notes

00:00:29 Election Security 2020: Don't Let Disinformation Undermine Your Right to Vote
00:07:00 Announcing Remote Participation in Pwn2Own Vancouver
00:11:30 Revoking certain certificates on March 4
    Additional Links:
    https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/3
    https://bugzilla.mozilla.org/show_bug.cgi?id=1619047
00:19:48 FuzzBench: Fuzzer Benchmarking as a Service
    Additional Links:
    https://www.fuzzbench.com/reports/sample/index.html
00:29:01 Intel x86 Root of Trust: loss of trust
00:39:15 Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors
00:49:19 VU#782301 - pppd vulnerable to buffer overflow due to a flaw in EAP packet processing
    Additional Links:
    https://github.com/paulusmack/ppp/commit/8d45443bb5c9372b4c6a362ba2f443d41c5636af
    https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
00:55:19 MediaTek rootkit affecting millions of Android devices
01:02:04 Zoho ManageEngine RCE
    Additional Links:
    https://srcincite.io/pocs/src-2020-0011.py.txt
01:11:33 RCE Through a Deserialization Bug in Oracle's WebLogic Server (CVE-2020-2555)
01:14:30 Regex Vulnerabilities - parse-community/parse-server
01:19:05 HTTP request smuggling using malformed Transfer-Encoding header
01:27:28 [Nextcloud] Delete All Data of Any User
01:30:44 Dismantling DST80-based Immobiliser Systems
01:38:01 Exploring Backdoor Poisoning Attacks Against Malware Classifiers
01:46:07 DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier
01:55:50 Security Analysis of Memory Tagging
02:04:23 DangKiller: Eliminating Dangling Pointers Efficiently via Implicit Identifier