BEGIN:VCALENDAR
VERSION:2.0
PRODID:IEEE vTools.Events//EN
CALSCALE:GREGORIAN
BEGIN:VTIMEZONE
TZID:Europe/Prague
BEGIN:DAYLIGHT
DTSTART:20250330T030000
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20251026T020000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20251025T161449Z
UID:324015B1-E364-408B-B3DB-DACCE572F7F5
DTSTART;TZID=Europe/Prague:20251020T180000
DTEND;TZID=Europe/Prague:20251020T200000
DESCRIPTION:The lecture will present new security research and the "DOM-bas
 ed extension clickjacking" technique\, which targets browser extensions. T
 he technique described is general and can be used on various types of web 
 browser extensions. The research itself focused on the 11 most widely used
  password managers. The result was the discovery of several serious zero-d
 ay vulnerabilities that affected millions of users.\n\nWas your password m
 anager vulnerable too? How did password manager developers respond to the 
 vulnerability? What could an attacker have gained? You will learn all this
  and much more in this lecture!\n\nThe event is part of the [Informatics E
 venings at FIT CTU](https://fit.cvut.cz/en/life-at-fit/fit-live/regular-ev
 ents/4917-informatics-evenings) series in cooperation with [IEEE Young Pro
 fessionals](https://www.ieee.cz/main/section/young-professionals/).\n\nMar
 ek Tóth\n\n[Marek Tóth](https://marektoth.com/) is an Ethical Hacker (Pe
 netration Tester). He deals with IT security\, focusing primarily on findi
 ng security vulnerabilities in web applications. He has been actively inte
 rested in this area since 2018\, searching for web vulnerabilities that co
 uld be exploited.\n\nMarek Tóth has discovered a number of significant an
 d widely publicized vulnerabilities\, including on Seznam ([article](https
 ://marektoth.cz/blog/kradez-cookies-na-seznamu)) and HeroHero ([article](h
 ttps://marektoth.cz/blog/herohero-kriticka-bezpecnostni-chyba/)). One of h
 is latest achievements was the discovery of vulnerabilities in widely used
  password managers with a potential impact on tens of millions of users wo
 rldwide ([article](https://marektoth.cz/blog/dom-based-extension-clickjack
 ing/)).\n\nRoom: T9:107\, Thákurova 9\, Czech Technical University in Pra
 gue\, Prague\, Czech Republic\, Czech Republic\, 160 00
LOCATION:Room: T9:107\, Thákurova 9\, Czech Technical University in Prague
 \, Prague\, Czech Republic\, Czech Republic\, 160 00
ORGANIZER:fiserp@fit.cvut.cz
SEQUENCE:1
SUMMARY:Informatics evenings: Data in password managers at risk – Clickja
 cking is still alive and well
URL;VALUE=URI:https://events.vtools.ieee.org/m/507867
X-ALT-DESC:Description: <br /><div class="row">\n<div class="col-lg-8 offse
 t-lg-2">\n<div class="perex entry">\n<p>The lecture will present new secur
 ity research and the "DOM-based extension clickjacking" technique\, which 
 targets browser extensions. The technique described is general and can be 
 used on various types of web browser extensions. The research itself focus
 ed on the 11 most widely used password managers. The result was the discov
 ery of several serious zero-day vulnerabilities that affected millions of 
 users.</p>\n</div>\n</div>\n</div>\n<div class="row">\n<div class="col-lg-
 8 offset-lg-2">\n<div class="entry">\n<p>Was your password manager vulnera
 ble too? How did password manager developers respond to the vulnerability?
  What could an attacker have gained? You will learn all this and much more
  in this lecture!</p>\n<p>The event is part of the&nbsp\;<a href="https://
 fit.cvut.cz/en/life-at-fit/fit-live/regular-events/4917-informatics-evenin
 gs">Informatics Evenings at FIT CTU</a>&nbsp\;series in cooperation with&n
 bsp\;<a href="https://www.ieee.cz/main/section/young-professionals/">IEEE 
 Young Professionals</a>.</p>\n</div>\n</div>\n</div>\n<div class="row">\n<
 div class="col-lg-8 offset-lg-2">\n<div class="entry">\n<p><strong>Marek T
 &oacute\;th</strong></p>\n<p><a href="https://marektoth.com/">Marek T&oacu
 te\;th</a>&nbsp\;is an Ethical Hacker (Penetration Tester). He deals with 
 IT security\, focusing primarily on finding security vulnerabilities in we
 b applications. He has been actively interested in this area since 2018\, 
 searching for web vulnerabilities that could be exploited.</p>\n<p>Marek T
 &oacute\;th has discovered a&nbsp\;number of significant and widely public
 ized vulnerabilities\, including on Seznam (<a href="https://marektoth.cz/
 blog/kradez-cookies-na-seznamu">article</a>) and HeroHero (<a href="https:
 //marektoth.cz/blog/herohero-kriticka-bezpecnostni-chyba/">article</a>). O
 ne of his latest achievements was the discovery of vulnerabilities in wide
 ly used password managers with a&nbsp\;potential impact on tens of million
 s of users worldwide (<a href="https://marektoth.cz/blog/dom-based-extensi
 on-clickjacking/">article</a>).</p>\n</div>\n</div>\n</div>
END:VEVENT
END:VCALENDAR