Jay Freeman, a bug hunter, was awarded 2 million dollars for an ETH platform bug. 1
Robert Heaton published a 4-part series on how the OTR (Off-The-Record) messaging protocol leverages the principle of most privileges in its construction. 2
Ivan Ristić has released the 2nd edition of Bulletproof TLS and PKI which, unsurprisingly, includes TLS 1.3. 3
PortSwigger published their yearly top 10 web hacking techniques for 2021. 4
Researchers from NCSU found a side-channel attack against the Microsoft SEAL Homomorphic Encryption Library using a single power measurement. 5
Footnotes
1. Attacking an Ethereum L2 with Unbridled Optimism - Jay Freeman (saurik) (www.saurik.com)
2. Off-The-Record Messaging part 1: the problem with PGP | Robert Heaton (robertheaton.com)
3. Ivan Ristić: Bulletproof TLS and PKI, Second Edition is out (blog.ivanristic.com)
4. Top 10 web hacking techniques of 2021 | PortSwigger Research (portswigger.net)
See also:
- Fuzzing for XSS via nested parsers condition – PT SWARM (swarm.ptsecurity.com)
- HTTP Request Smuggling via higher HTTP versions (www.slideshare.net)
- Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond (www.intruder.io)
- An Exploration & Remediation of JSON Interoperability… | Bishop Fox (bishopfox.com)
- Cache Poisoning at Scale (youst.in)
- Hidden OAuth attack vectors | PortSwigger Research (portswigger.net)
- s1r1us - Prototype Pollution (blog.s1r1us.ninja)
- Orange: A New Attack Surface on MS Exchange Part 1 - ProxyLogon! (blog.orange.tw)
- HTTP/2: The Sequel is Always Worse | PortSwigger Research (portswigger.net)
- Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Medium (medium.com)
5. Researchers Show They Can Steal Data During Homomorphic Encryption | NC State News (news.ncsu.edu)