Our second keynote speaker for #SecWeb2024 will be Prof. Alexandros Kapravelos Alexandros Kapravelos from NC State! He will present "Unveiling Web Threats: Insights from JavaScript Behavior". See you in San Francisco on May 23rd! IEEE S&P Marco Squarcina

The libarchive e8 vulnerability is actually really cool, but the ZDI advisory doesn't explain why it's so wild lol. For some reason, I know about RAR filters, so let me provide the background. 🧵 1/n

Google stated that "In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware". But how big is this 1% exactly? You can check it out by reading our AsiaCCS paper arxiv.org/pdf/2406.12710 & attending Sheryl Hsu talk on July 4! CC @CISPA

The award-winning Qualys Threat Research Unit (TRU) has discovered a critical vulnerability in OpenSSH, designated CVE-2024-6387 and aptly named "regreSSHion." This Remote Code Execution bug grants full root access, posing a significant exploitation risk. blog.qualys.com/vulnerabilitie…

🚫 DOM XSS, begone! 👋 Discover how we used Trusted Types to protect AppSheet, and how that can inform your own web application's journey to a safer security posture where DOM XSS vulnerabilities are a thing of the past. bughunters.google.com/blog/603789066…

A quick way to check if this is enabled: Run the following in the developer console ``` await chrome.runtime.sendMessage( 'nkeimhogjdpnpccoofpliimaahmaaome', { method: 'cpu.getInfo' } ); ``` on meet.google.com, if it comes back with info, it's enabled.

i’ll never stop messing with companies 💖

Are you into hypervisor security and fuzzing? Consider applying for a PhD position in my group. More info: ali-abbasi.info

Kyle Wiens Anthropic We've had to block what we assume are ai companies spamming our APIs instead of downloading our freely available database dumps over here at Wikipedia

How does it feel like to do world-class research? If you are a CS undergrad who is interested in our topics, the Software Security group at #MPI_SP is hiring interns for summer & winter 2025! Details: 📅 01 November 2024 ✍️ cis.mpg.de/internships/ 🛡️ mpi-softsec.github.io

I’m planning to hire 2 PhD students in Fall25 at Khoury College of Computer Sciences! How do we make privacy easier for people? How do we address people’s real privacy needs objectively and subjectively? How does AI play a role in introducing and mitigating risks? Talk to me at #UIST2024 #HCOMP2024

I’m recruiting PhD students interested in system security/privacy, trustworthy ML, UCLA ECE/CS for Fall 2025! Please reach out via email anytime or find me at ACM CCS 2025 next week. Retweets are greatly appreciated!

Wikisource contributors will get together to celebrate and explore the project's future 📚 The Wikisource Conference 2025 will take place in Indonesia in February. Stay tuned for more! Discover Wikisource ➡️ w.wiki/89YY (7/7)

Wrote a small xsleak challenge for my undergrad team's CTF play.nitectf2024.live/challenges#JSA… :)

Privacy, by Yash Vekaria and @ maxostapenko.com (@ httparchive.org): almanac.httparchive.org/en/2024/privacy

Happy 24th birthday Wikipedia and a big thank you to all the volunteers in our community who continue to grow it to the major resource it is today.

Excited to share that our paper “Same Script, Different Behavior” will be presented by Ahsan at #ACMCCS25 (Web Security session, Oct 15)! We introduce a hybrid analysis framework combining dynamic traces (VisibleV8) and static code to uncover divergent JS behaviors across devices

i made a version of wikipedia you can doomscroll