Permanent DoS, HackerOne Hacked, and Wide-OpenBSD

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

• [00:02:59] Android Permanent DoS (CVE-2019-2232)


• [00:08:09] Inferring and hijacking VPN-tunneled TCP connections (CVE-2019-14899)


• [00:16:00] An Update on Android TLS Adoption


• [00:25:11] Mozilla and Opera remove Avast extensions from their add-on stores


• https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/


• [00:43:05] Tron: Evolution SecuROM DRM expiration makes game unplayable 9 years after release


• [00:50:12] Millions of Americans at Risk After Huge Data and SMS Leak


• [00:54:14] Nebraska Medicine Breached by Rogue Employee


• [00:56:56] Practical Pentest Labs stores passwords in plaintext


• [01:05:07] Incident Report | 2019-11-24 Account Takeover via Disclosed Session Cookie


• [01:13:28] Authentication vulnerabilities in OpenBSD (CVE-2019-19521)


• [01:24:36] Symantec Endpoint Protection Local Privilege Escalation (CVE-2019-12750)


• [01:30:09] Omron PLC Denial-of-Service as a Feature


• https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


• https://github.com/Ox6e3062306479/omron/blob/master/cj2m.fins.dos.py


• [01:38:35] FIRST CONTACT: New vulnerabilities in contactless payments


• [01:46:39] Fuzzing Sega Genesis Emulators


• [01:50:30] Verifiable Voting Primer


• https://www.youtube.com/watch?v=LkH2r-sNjQs