01 December 2020

Show Notes

55 - Bad Blocklists, Legal News, and Windows Vulns

00:00:27 Congress unanimously passes federal IoT security law
00:06:52 The Supreme Court will hear its first big CFAA case
00:13:35 How much is unauthorized access sold for?
00:20:10 Getting Banned for Security Research
00:33:11 SD-PWN Part 3 - Cisco vManage
00:36:10 SD-PWN Part 4 - VMware VeloCloud
00:40:39 CVE-2020-7378: OpenCRX Unverified Password Change (FIXED)
    Additional Links: https://github.com/opencrx/opencrx/commit/389ff0e22851407560091dfd25b25fee0b384eed?branch=389ff0e22851407560091dfd25b25fee0b384eed&diff=split#diff-2bb58016ce7d5cdb2f11bdb60d4aa7dd5c2e2cb816c9120a7f36ac93d0b64f33L702
00:43:54 Multiple vulnerabilities through filename manipulation (CVE-2020-28948 and CVE-2020-28949)
    Additional Links: https://www.drupal.org/sa-core-2020-013
00:47:14 SSRFs caused by bad RegEx in "private-ip"
00:53:13 [SnapChat] Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
00:57:50 Serious flaws in Tesla Model X keyless entry system
01:03:48 Windows Print Spooler Vulnerability
01:08:30 Exploiting a “Simple” Vulnerability - In 35 Easy Steps or Less!
    Additional Links: https://twitter.com/gabe_k/status/1330966182543777792
01:17:55 Hitcon2020 Challenge Files + Solutions