PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking

A couple privacy violations, PDF exploits, and a complicated API being misused by developers.

[00:00:48] Brave browser leaks onion addresses in DNS traffic

• https://ramble.pw/f/privacy/2387

[00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers

• https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent-tracking-in-modern-browsers/

[00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs

• https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/

[00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag

• https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag

[00:32:42] Middleware everywhere and lots of misconfigurations to fix

• https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/

[00:43:05] GPGme used confusion, it's super effective !

• https://www.synacktiv.com/en/publications/gpgme-used-confusion-its-super-effective.html

[00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions

• https://emvrace.github.io

[01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface

• https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/

[01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits

• https://arxiv.org/abs/2102.07869v1

[01:20:27] Model Skewing Attacks on Machine Learning Models

• https://payatu.com/blog/nikhilj/sec4ml-machine-learning-model-skewing-data-poisoning

[01:21:37] Future of Exploit Development - 2021 and Beyond

• https://www.youtube.com/watch?v=o_hk9nh8S1M

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)