Posts

Showing posts from August, 2022

WOOT & IEEE S&P: Jordy Gennissen

A while back, I had the pleasure of joining IEEE Security & Privacy (S&P / Oakland) and the Workshop On Offensive Technologies (WOOT) on behalf of Royal Holloway. In part, this was to present my latest research project at WOOT: an online puzzle game where solutions off-load exploit writers and aid vulnerability severity analysis. At S&P, Royal Holloway presented several more projects. Guido from the S3Lab presented his work on the formal analysis of web payment APIs. Through their analysis, they found two vulnerabilities that could be leveraged by online vendors to overcharge the customer, e.g. by forcing them to pay the required amount with multiple payment methods. The vulnerabilities have been acknowledged and patched, making the world a safer place. We also had a great (online) presentation from Lenka on security properties of Telegram. They studied the non-conventional symmetric cryptography used in Telegram under normal usage, exploited the flaws, and both propose a fix