Project Verona, CurveBall, CableHaunt, and RCEs-a-plenty

Start off with some discussions about Google, privacy, Rust, and entitlement within open-source software. Then we look at some of the big vulns of the past week including CurveBall, CabelHaunt, and an RDP RCE.

 

• [00:00:27] Chromium Blog: Building a more private web: A path towards making third party cookies obsolete


• [00:07:05] WeLeakInfo.com Domain Name Seized


• [00:13:39] A sad day for Rust


• [00:25:38] GitHub - microsoft/verona: Research programming language for concurrent ownership


• https://github.com/microsoft/verona/blob/master/docs/explore.md


• [00:37:30] Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer


• [00:47:16] Control Flow Integrity (CFI) in the Linux kernel


• [00:53:54] ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)


• [00:57:19] Netgear TLS Private Key Disclosure through Device Firmware Images


• https://news.ycombinator.com/item?id=22048619


• https://github.com/ollypwn/CVE-2020-0601/blob/master/main.rb


• [01:17:39] Cable Haunt


• [01:27:19] RDP to RCE: When Fragmentation Goes Wrong


• [01:31:46] Critical Auth Bypass Vulnerability In InfiniteWP Client And WP Time Capsule


• [01:37:48] cuck00 | Twenty-twenty, bugs aplenty!

 

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])