Переходьте в офлайн за допомогою програми Player FM !
ThinkstScapes Research Roundup - Q2 - 2023
Manage episode 373377944 series 3290432
Privacy in the modern era
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Erik Rye and Robert Beverly
Device Tracking via Linux’s New TCP Source Port Selection Algorithm
Moshe Kol, Amit Klein, and Yossi Gilad
zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure
Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers
3 Years in China: A Tale of Building a REAL Full Speed Anti-Censorship Router
KaiJern Lau
Embedded [in]security
Embedded Threats: A Deep Dive into the Attack Surface and Security Implications of eSIM Technology
Markus Vevier
RPMB, a secret place inside the eMMC
Sergio Prado
[Blog]
Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
Tao Sauvage
The Impostor Among US(B): Off-Path Injection Attacks on USB Communications
Robert Dumitru, Daniel Genkin, Andrew Wabnitz, and Yuval Yarom
MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks
Tiantian Liu, Feng Lin, Zhangsen Wang, Chao Wang, Zhongjie Ba, Li Lu, Wenyao Xu, and Kui Ren
Issues at the operating system level
(Windows) Hello from the Other Side
Dirk-jan Mollema
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
Koh Nakagawa
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham
Nifty sundries
EverParse: Secure Binary Data Parsers for Everyone
Tahina Ramananandro
InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack
Yu Chen, Yang Yu, and Lidong Zhai
[Paper]
It’s (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari and Giancarlo Pellegrino
Can you trust ChatGPT’s package recommendations?
Bar Lanyado, Ortal Keizman, and Yair Divinsky
[Blog]
Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation
Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li
Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects
Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu
12 епізодів
Manage episode 373377944 series 3290432
Privacy in the modern era
IPvSeeYou: Exploiting Leaked Identifiers in IPv6 for Street-Level Geolocation
Erik Rye and Robert Beverly
Device Tracking via Linux’s New TCP Source Port Selection Algorithm
Moshe Kol, Amit Klein, and Yossi Gilad
zk-creds: Flexible Anonymous Credentials from zkSNARKs and Existing Identity Infrastructure
Michael Rosenberg, Jacob White, Christina Garman, and Ian Miers
3 Years in China: A Tale of Building a REAL Full Speed Anti-Censorship Router
KaiJern Lau
Embedded [in]security
Embedded Threats: A Deep Dive into the Attack Surface and Security Implications of eSIM Technology
Markus Vevier
RPMB, a secret place inside the eMMC
Sergio Prado
[Blog]
Compromising Garmin’s Sport Watches: A Deep Dive into GarminOS and its MonkeyC Virtual Machine
Tao Sauvage
The Impostor Among US(B): Off-Path Injection Attacks on USB Communications
Robert Dumitru, Daniel Genkin, Andrew Wabnitz, and Yuval Yarom
MagBackdoor: Beware of Your Loudspeaker as A Backdoor For Magnetic Injection Attacks
Tiantian Liu, Feng Lin, Zhangsen Wang, Chao Wang, Zhongjie Ba, Li Lu, Wenyao Xu, and Kui Ren
Issues at the operating system level
(Windows) Hello from the Other Side
Dirk-jan Mollema
Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures
Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk
Dirty Bin Cache: A New Code Injection Poisoning Binary Translation Cache
Koh Nakagawa
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders
Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham
Nifty sundries
EverParse: Secure Binary Data Parsers for Everyone
Tahina Ramananandro
InfinityGauntlet: Expose Smartphone Fingerprint Authentication to Brute-force Attack
Yu Chen, Yang Yu, and Lidong Zhai
[Paper]
It’s (DOM) Clobbering Time: Attack Techniques, Prevalence, and Defenses
Soheil Khodayari and Giancarlo Pellegrino
Can you trust ChatGPT’s package recommendations?
Bar Lanyado, Ortal Keizman, and Yair Divinsky
[Blog]
Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation
Xiang Li, Baojun Liu, Xuesong Bai, Mingming Zhang, Qifan Zhang, Zhou Li, Haixin Duan, and Qi Li
Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects
Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, and Ke Xu
12 епізодів
모든 에피소드
×Ласкаво просимо до Player FM!
Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.