Take Quiz

Your name and email are stored only in your browser local storage for convenience. They are not retained server-side.

NameEmail

Question 1

What immediate consequence occurred after Ubiquiti's announcement of vulnerabilities in UniFi OS devices?

Attackers began adding a Super Admin named 'John Sim' to unpatched UniFi devices and exfiltrating data via backups. UniFi devices automatically updated to secure firmware, preventing any attacks. Ubiquiti removed all Super Admin access from all users until patches were applied. The UniFi team disabled the backup feature on all devices remotely to prevent data theft.

Question 2

Regarding the CISA Directive on Drupal vulnerability CVE-2026-9082, what was the mandated timeline for U.S. federal civilian agencies to patch?

Two weeks with optional mitigations allowed in place of patching. One day from the addition to the Known Exploited Vulnerabilities catalog, with no exceptions. Immediate patching only for federal agencies hosting financial data. Within 30 days, following standard patching procedures for CMS software.

Question 3

What distinguishes the 'device-bound session cookies' technology that Chrome has now enabled from standard session cookies?

They store session cookies exclusively on local storage rather than in memory. They limit cookies to expire every 5 minutes to reduce theft impact. They cryptographically tie session cookies to a physical device's TPM or Secure Enclave to prevent cookie replay attacks. They encrypt cookies with a user-defined password set per browsing session.

Question 4

According to the security researcher Kabir Acharya, how has the rise of frontier AI models affected the competitive Capture the Flag (CTF) scene?

AI models only provide hints, requiring humans to do the majority of complex reasoning, preserving the CTF competition. CTF competitions have adapted by banning AI use, maintaining their original format and integrity. Frontier AI has broken the open CTF format by enabling easy automation of medium and hard challenges, rendering leaderboards meaningless. AI tools have had minimal impact, and CTF competitions remain primarily a measure of human skill as before.

Question 5

What is the anticipated effect of AI-powered vulnerability discovery tools on traditional bug bounty programs and zero-day markets, according to listener Travis Hayes?

Bug bounty programs and zero-day markets will remain unchanged because AI cannot outperform skilled human researchers. Bug bounty programs will expand, offering higher rewards to compete with AI capabilities. The increased supply of AI-discovered vulnerabilities could reduce demand for bug bounties and zero-day purchases, potentially leading these markets to collapse. Zero-day hunting will become more lucrative due to AI accelerating vulnerability discovery.

Cancel

Episode #1081 Quiz

Question 1

Question 2

Question 3

Question 4

Question 5