The DAY[0] podcast will be on break until September 14, 2020
A quick chat about E2E Crypto and Zoom, followed by a few noteworth exploits including Bluetooth impersonation, a 15-year old qmail CVE, NordVPN, and an RCE in Google
[00:00:50] Adventures of porting MUSL to PS4)
[00:01:55] End-to-End Encryption for Zoom Meetings)
[00:13:16] Memory safety - The Chromium Projects)
[00:21:17] First 0d iOS jailbreak in 6 years)
[00:24:11] BIAS: Bluetooth Impersonation AttackS)
https://little-canada.org/pdf/web/viewer.html?file=antonioli-20-bias.pdf)
[00:33:13] 15 years later: Remote Code Execution in qmail (CVE-2005-1513))
http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html)
[00:48:01] Privilege Escalation in Parallels Desktop via VGA Device [CVE-2020-8871])
[00:55:50] Multiple vulnerabilities in Dovecot IMAP server)
[00:59:05] Yet another arbitrary delete EoP [CVE-2020–1088])
[01:06:29] Vulnerabilities chain leading to privilege escalation [NordVPN] )
[01:09:27] Race condition in activating email resulting in infinite amount of diamonds received)
[01:12:23] RCE in Google Cloud Deployment Manager)
[01:28:17] QNAP Pre-Auth Root RCE)
[01:37:07] Safe-Linking - Eliminating a 20 year-old malloc() exploit primitive)
[02:05:43] Precise XSS detection and mitigation with Client-side Templates)
[02:17:53] Documenting the impossible: Unexploitable XSS labs)
DAY[0] will be on break until September but you can find the video archive on on Youtube (@DAY[0]))