Zerologon — The 10-Out-of-10 Vulnerability That Should Terrify You
·822 words·4 mins
CVE-2020-1472, dubbed Zerologon, scores a perfect 10.0 CVSS and allows full domain takeover with a handful of packets. Here’s what you need to know.
Security
The Twitter Bitcoin Hack — A Social Engineering Masterclass
·1019 words·5 mins
The massive Twitter compromise that hit Barack Obama, Elon Musk, and Apple wasn’t a sophisticated zero-day — it was social engineering targeting internal tools. That’s the scary part.
The Pandemic IoT Boom — More Devices, More Risk, Same Old Problems
·1064 words·5 mins
Home IoT device sales have surged during lockdowns, and every one of those devices just joined a corporate network via VPN. The security implications are significant.
Apple and Google's Exposure Notification API — Privacy Engineering at Scale
·1056 words·5 mins
Apple and Google collaborate on a Bluetooth-based exposure notification system that puts privacy-preserving architecture front and center.
Zoom's Security Reckoning — When Rapid Growth Exposes Technical Debt
·964 words·5 mins
Zoom’s explosive pandemic-driven growth is exposing serious security and privacy issues. The ‘Zoombombing’ phenomenon is just the tip of the iceberg.
The Crypto AG Revelation — When Your Encryption Vendor Is the Intelligence Agency
·1017 words·5 mins
The Washington Post reveals the CIA secretly owned Crypto AG for decades, selling compromised encryption to governments worldwide. The supply chain trust implications are staggering.
The NSA Found a Critical Windows Crypto Bug — And That's Actually Good News
·910 words·5 mins
The NSA disclosed CVE-2020-0601, a critical vulnerability in Windows CryptoAPI’s certificate validation. The fact that they reported it instead of hoarding it marks a notable shift.