Episode 25 - Project Verona, CurveBall, CableHaunt, and RCEs-a-plenty
We start off with some discussions about Google, privacy, Rust, and entitlement within open-source software. Then we look at some of the big vulns of the past week, including CurveBall, CableHaunt, and an RDP RCE.
Watch the DAY podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
- [00:00:35] Chromium Blog: Building a more private web: A path towards making third party cookies obsolete
- [00:07:13] WeLeakInfo.com Domain Name Seized
- [00:13:46] A sad day for Rust
- [00:25:46] GitHub - microsoft/verona: Research programming language for concurrent ownership
- [00:47:23] Control Flow Integrity (CFI) in the Linux kernel
- [00:54:01] ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)
- [00:57:26] Netgear TLS Private Key Disclosure through Device Firmware Images
- [01:17:47] Cable Haunt
- [01:27:26] RDP to RCE: When Fragmentation Goes Wrong
- [01:31:54] Critical Auth Bypass Vulnerability In InfiniteWP Client And WP Time Capsule
- [01:37:56] cuck00 | Twenty-twenty, bugs aplenty!