Last week, RFC 9221 was finalized. It defines sending Datagrams on a #QUIC connection: rfc-editor.org/rfc/rfc9221.ht… This allows you to have both reliable and unreliable data in a single, encrypted connection, at the same time. Think of it as combining UDP and TCP, all-in-one! 1/6

Nothing actually happens until you hit the Submit button, right? Well, maybe not. wired.trib.al/p7i4qAI

Today, after over 5 years of work, HTTP/3 was finally standardized as RFC 9114! rfc-editor.org/rfc/rfc9114.ht… Together with RFC 9204 (QPACK header compression) and RFC 9218 (Extensible Priorities) it ushers in an important new chapter for the Web! Proud to have been part of this!

Here we are (again)! HacknamStyle was rebranded to Stellar Vector! We will be participating in CTFs more regularly once again 🙌 Visit us at stellarvector.be!

🚨 Introducing the 2022 Web Almanac, our annual "state of the web" report! 🔖 almanac.httparchive.org/en/2022/ 22 chapters 108 contributors 8M websites analyzed 44 TB of data processed 785 queries written Join us in celebrating the release of our fourth edition and spread the word! 🎉

We had a great starting event ("CTF 101") yesterday evening! Around 70 people joined us for a slice of pizza, some drinks and of course, (an intro to) hacking.

Very interesting content and discussions regarding hacking and HW/SW security of Lennert, Jo Van Bulck and Jeroen Baert.

We had a very nice PWN101 last night and did some great hacking! 🧑‍💻 All challenges, slides and (soon) the recording are available on pwn101.stellarvector.be so you can continue hacking at home! 💪 Thanks to the presenters (Joris Ignoul & Robin Jadoul) and our present members!

The program for the Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb) 2023 is now available. Find out more here: ndss-symposium.org/ndss-program/m… #NDSS23

Next, Vik Vanderlinden is discussing security implications of the server-timing header, at #MADWeb 2023 co-located with NDSS Symposium!

It was my pleasure to receive the best paper award at #MADWeb 2023 with our paper "Can You Tell Me the Time: Security Implications of the Server-Timing Header" 🥳 With Mathy Vanhoef and Wouter Joosen, DistriNet Thanks to Aurore Fass and Zubair Shafiq for co-chairing the workshop!

#OnThisDay thirty years ago, in 1993, CERN released the World Wide Web software to the public. Proposed by Sir Tim Berners-Lee, the web was originally created to allow scientists and institutes from all over the globe who were working on CERN data to share information accurately

Congratulations to Yana Dimova and team from DistriNet for receiving the best student award at PETS 2023.

New #TunnelCrack flaw can break a large majority of VPNs: we can trick a VPN into leaking traffic outside the protected VPN tunnel. Our tests indicate that this is a widespread design issue. For a demo, more details, and the USENIX Security paper, see tunnelcrack.mathyvanhoef.com

Intrigued by bugs and web security like us? Dive into our paper on the lifecycles of Content Security Policy bugs! Or even better: catch our talk in the entomology session (1:30 pm, Platinum Salon 7–8) USENIX Security #usesec23 🔗usenix.org/conference/use… Need convincing?👇 (1/7)

Two days ago we had a very successful second edition of our annual CTF101 💪 More than 75 participants learned about CTFing and caught their first few flags in the crypto, OSINT and web categories. See you all soon at one of our CTF participations 🙂

Congratz to Gertjan Franken (Gertjan Franken) for his successful PhD defense: Security and Privacy Policy Bugs in Browser Engines. Great achievement. Looking forward to your future publications and work!

Ideally all papers should publish their code. You can help realize this by applying to be an artifact reviewer at NDSS'25. You'll get to review artifacts of accepted papers. We especially encourage junior/senior PhD students & PostDocs to help. Apply here docs.google.com/forms/d/e/1FAI…

Full house!! More than 85 people joined us last Tuesday for a fantastic edition of our annual CTF101! 💪 Thanks for joining, see you soon at one of our upcoming CTF participations 🙂 A big thanks to the challenge creators/presenters and everyone involved in the organization!

1️⃣ Security in 2024 🔒 The security landscape is evolving in 2024. 📈 98% of requests use HTTPS 📊 +27% adoption of CSP 🔗 23% of desktop sites use Subresource Integrity by Gertjan Franken, Vik Vanderlinden, @pizzahax, Alberto, Brian Clark, Jannis Rautenstrauch Full report: