This week our CEO and CTO, Nir and Or, collaborated with the leading cyber podcast in Israel CyberCyber to create an enthralling episode. In the episode, Nir and Or discuss with the hosts of CyberCyber, Noam Rotem and Idan Kinan, a few of the most interesting security breaches found by Sayfer. Nir and Or retell their experience of how they flew to Europe hired to search for security vulnerabilities in a luxury hotel but ended up discovering a much more wide and more interesting security breach which presents a major security flaw in one of Europe’s biggest ISP by exploiting the HTTP header enrichment mechanism. Additionally, Nir and Or explain the NFT BadReveal vulnerability recently exposed by Sayfer (you can read more about it in our detailed blog-post). We found that many projects set the token URI in one transaction and then reveal it in a different transaction. In the time between those two transactions, which sometimes can be hours, an attacker can scan all NFTs in the project and find which one is the rarest, and then buy it based on its tokenID.
“It’s like participating in a lottery when you know the winning numbers in advance”
– Nir Duan
The episode also covers a fascinating discussion of past and future encryption technologies, the implications of NFT technologies, and more.
To listen to the CyberCyber podcast (In Hebrew) and our episode click here.
Anna Shreder
Anna is a security researcher at Sayfer. She’s passionate about understanding and researching attacking and defending vectors that appear in new emerging technologies.
Want to Hear More?
A free consulting meeting included.
