"Browser favicons can be used as supercookies to track you"
by Matthew Gault (Vice).

The various supercookie implementations out there are always an interesting source of unintended ways to fingerprint or persist data. Usually followed by browsers mitigating those. The favicon hack is... something else though. Wow.

vice.com/en/article/n7v5y7/bro

Background:
supercookie.me/workwise

Prior art:
github.com/samyk/evercookie

"Breaking GitHub Private Pages for $35k",
by Robert Chen and ginkoid.

Interesting combination of techniques to effectively bypass cross-origin restrictions. Learned a thing or two.

robertchen.cc/blog/2021/04/03/

"Stealing Private YouTube Videos, One Frame at a Time"
by David Schütz

Neatly found bug, and great showcase of how a pen tester goes to work on a complex system.

bugs.xdavidhu.me/google/2021/0

Emitting WiFi signals from a RAM chip

Catalin Cimpanu, reporting for ZDNet:

"""
Academics from an Israeli university have published new research today detailing a technique to convert a RAM card into an impromptu wireless emitter and transmit sensitive data from non-networked air-gapped computers that [have] no WiFi card.
"""

It's fairly low-bandwidth (upto 100 bytes/second), but amazing nonetheless and actually spans several meters.

zdnet.com/article/academics-tu

Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!