logo
episode-header-image
Mar 2021
17m 49s

High severity flaw can crash your WebSer...

Hussein Nasser
About this episode

On Thursday, OpenSSL maintainers released a fix for two high severity vulnerabilities, let us discuss the impact.

  • OpenSSL two major vulnerabilities 0:00
  • why OpenSSL 1:00
  • Bug 1 - Renegotiating TLS 1.2 (CVE-2021-3449) 3:50
  • Bug 2 - Cert verification bypass (CVE-2021-3450) 8:42
  • Update to OpenSSL 1.1.1k 12:30

Resources

https://www.openssl.org/news/vulnerabilities.html

https://arstechnica.com/gadgets/2021/03/openssl-fixes-high-severity-flaw-that-allows-hackers-to-crash-servers/

Up next
Nov 24
CPU and Kernel Page Faults
<p>Page faults occurs when the process tries to access a memory that isn’t backed by a physical page kernel raises a fault which loads a page. It happens on first access, stack expansion, COW, swap and much more. However it comes with a cost. </p><p><br /></p><p>In this episode o ... Show More
48m 37s
Oct 31
Amazon US-EAST-1 Outage in Details
On October 19 2025 AWS experienced an outage that lasted over a day, 10 days later we finally got the root cause analysis and we know exactly what caused the DNS to fail0:00 Summary 5:30 How did Dynamo lost its DNS?13:41 EC2 Errors 16:16 Network Load Balancer ErrorsRCA here https ... Show More
24m 26s
Oct 17
Graceful shutdown in HTTP
There are cases where the backend may need to close the connection to prevent unexpected situations, prevent bad actors or simply just free up resources. Closing a connection gracefully allows clients and backends to clean up and finish any pending requests. In this episode of th ... Show More
25m 49s
Recommended Episodes
Apr 2020
JavaScript Vulnerabilities with Tim Kadlec - The State of the Web
<p><span style="font-weight: 400;">(Originally aired on YouTube on May 30, 2018)</span></p> <p><span style="font-weight: 400;">Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challe ... Show More
12m 32s
Mar 2024
Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App
Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More
1h 8m
Jul 2023
Episode 27: Top 7 Esoteric Web Vulnerabilities
Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also ... Show More
1h 20m
Apr 2023
Supply-chain attack's effects spread. CISA makes new KEV entries. Bumblebee malware loader describes. Decoy Dog toolset discovered. Discord Papers were shared earlier and more widely.
3CX is not the only victim in the recent supply chain attack. The PaperCut critical vulnerability is under active exploitation. The Bumblebee malware loader is buzzing around in the wild. A new unique malware toolkit called Decoy Dog. Rick Howard, CSO from N2K Networks, shares RS ... Show More
27m 8s
Sep 2020
Episode 1: Post-Quantum TLS With KEMs Instead of Signatures!
TLS 1.3 has been widely praised as a major upgrade to the Transport Layer Security protocol responsible for securing the majority of Web traffic. But one area in which TLS 1.3 seems to be lacking is its potential for resistance to attacks that utilize quantum computing – computer ... Show More
35m 43s
Feb 2024
731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton
Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe ... Show More
1h 3m
Jul 2016
Daily & Week in Review: Classified info--goose sauce, gander sauce. Security industry buoyed by Avast, AVG.
In today’s podcast, we talk through the ramifications of Android encryption issues. Experts consider the implications of D-Link vulnerabilities for IoT security. The Wendy’s paycard breach has gotten much bigger. Familiar exploits circulate in the wild, and Mac backdoors make a c ... Show More
21m 34s
Listen to millions of songs and podcasts on Anghami