#video #live #security #OWASP Ukraine 12020
11:00 Opening + lottery/raffles announcement
11:25 Maksym Khramov & Serhii Korolenko - 6 digit OTP for Two Factor Auth (2FA) is brute-forceable in 3 days + OTP Lottery
11:45 Julia Potapenko - React Native Security: Addressing Typical Mistakes
12:30 Konstantin Korsun - Security of the Diia App - “Oscar” or “Golden Raspberry”
13:30 Anatolii Bereziuk - OAuth2.0: What? Where? When?
14:40 Serhii Korolenko & Eduard Kiiko & Oksana Safronova - OWASP JuicyShop Workshop
16:00 Philippe Humeau - Leveraging the crowd power to regain faith in Internet’s zero trust architecture (in English)
17:00 Pawel Rzepa - Serverless security: attack & defense (in English)
18:00 Lottery/raffles results + Closing word
https://youtu.be/e7myCGQ0gO4
Forwarded from CatOps
Recent Google incident post-mortem: https://status.cloud.google.com/incident/zall/20013#20013004
tl;dr: wrong quota applied to the Google User ID Service
#postmortem
#hack
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
The Citizen Lab
The Great iPwn
Government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute…
Brodetskyi. Tech, VC, Startups
😂
#SolarWinds #hack
https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402
WSJ
WSJ News Exclusive | SolarWinds Hack Victims: From Tech Companies to a Hospital and University
A Wall Street Journal analysis identified at least 24 organizations that installed software laced with malicious code by Russian hackers.
#DNS #hack
https://portswigger.net/daily-swig/cross-layer-attacks-new-hacking-technique-raises-dns-cache-poisoning-user-tracking-risk
The Daily Swig | Cybersecurity news and views
Cross-layer attacks: New hacking technique raises DNS cache poisoning, user tracking risk
PRNG flaw in Linux kernel created multiple security vulnerabilities