Auth Problems from Parsing, Slack’s Password Hashes, Twitter’s Info Breach – ASW #207



Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go’s net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022. Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Auth Problems from Parsing, Slack’s Password Hashes, Twitter’s Info Breach

Hosts

John Kinsella

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Co-founder & CTO of Cysense

Mike Shema

Mike Shema – Security Partner at Square

@Codexatron

Mike Shema is a Security Partner at Square.

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!