SHA-mbles, Shitrix, Responsible Disclosure, and wtf is TikTok doing?

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@DAY[0])

 

• [00:00:35] SHA-1 is a Shambles


• https://www.youtube.com/watch?v=Gh6p7Y74m9A


• [00:14:50] Government-funded phones come pre-installed with unremovable malware


• [00:22:09] Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1 — Mozilla


• [00:27:02] CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller and Citrix Gateway


• https://github.com/projectzeroindia/CVE-2019-19781


• https://www.mdsec.co.uk/2020/01/deep-dive-to-citrix-adc-remote-code-execution-cve-2019-19781/


• https://twitter.com/GossiTheDog/status/1215785949709459456


• [00:38:20] Project Zero: Policy and Disclosure: 2020 Edition


• https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html


• [00:52:07] Privileged Access Never (PAN) - Another day, another broken mitigation.


• [00:57:43] Tik or Tok? Is TikTok secure enough?


• [01:18:33] Fortinet FortiSIEM Hardcoded SSH Key


• [01:22:58] Project Zero: Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641


• [01:32:00] WAF-A-MoLE: Evading Web Application Firewalls through Adversarial Machine Learning


• [01:36:00] QSOR: Quantum-Safe Onion Routing


• [01:45:09] Browser Games Aren't an Easy Target


• [01:46:31] Reverse engineering RNG in a GBA game


• https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use