PDF Exploits, GPGME Making Mistakes EZ and Favicon Tracking

A couple privacy violations, PDF exploits, and a complicated API being misused by developers. [00:00:48] Brave browser leaks onion addresses in DNS traffic https://ramble.pw/f/privacy/2387 [00:07:05] Tales of Favicons and Caches: Persistent Tracking in Modern Browsers https://www.ndss-symposium.org/ndss-paper/tales-of-favicons-and-caches-persistent-tracking-in-modern-browsers/ [00:18:12] Shadow Attacks: Hiding and Replacing Content in Signed PDFs https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/ [00:28:20] Getting Information Disclosure in Adobe Reader Through the ID Tag https://www.thezdi.com/blog/2021/2/17/zdi-21-171-getting-information-disclosure-in-adobe-reader-through-the-id-tag [00:32:42] Middleware everywhere and lots of misconfigurations to fix https://labs.detectify.com/2021/02/18/middleware-middleware-everywhere-and-lots-of-misconfigurations-to-fix/ [00:43:05] GPGme used confusion, it's super effective ! https://www.synacktiv.com/en/publications/gpgme-used-confusion-its-super-effective.html [00:51:58] Bypassing the PIN in non-Visa Cards by Using Them for Visa Transactions https://emvrace.github.io [01:01:11] Hunting for bugs in Telegram's animated stickers remote attack surface https://www.shielder.it/blog/2021/02/hunting-for-bugs-in-telegrams-animated-stickers-remote-attack-surface/ [01:08:03] Expected Exploitability: Predicting the Development of Functional Vulnerability Exploits https://arxiv.org/abs/2102.07869v1 [01:20:27] Model Skewing Attacks on Machine Learning Models https://payatu.com/blog/nikhilj/sec4ml-machine-learning-model-skewing-data-poisoning [01:21:37] Future of Exploit Development - 2021 and Beyond https://www.youtube.com/watch?v=o_hk9nh8S1M Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)