CVE-2024-31206

dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In [email protected], network requests to the third-party API are sent over HTTP, which is unencrypted. Unencrypted traffic can be easily intercepted and modified by attackers. Anyone who uses the package could be the victi...

Netflix's HTTPS Update Can't Combat Passive Traffic Analysis Attacks

Academics argue that Netflix’s recent upgrade to HTTPS is doing little to protect its users from a passive traffic analysis attack. According to Andrew Reed and Michael Kranch, researchers with the U.S. Military Academy at West Point, it wouldn’t take much work for an attacker to capture traffic...