- Guide to WebRTC with Safari in the Wild (Chad Phillips)
- How Zoom's web client avoids using WebRTC (DataChannel Update)
- Is everyone switching to Unified Plan?
- Computer Vision on the Web with WebRTC and TensorFlow
- What I learned about H.264 for WebRTC video (Tim Panton)
- Breaking Point: WebRTC SFU Load Testing (Alex Gouaillard)
- AIY Vision Kit Part 1: TensorFlow Computer Vision on a Raspberry Pi Zero
webrtcH4cKS: ~ Let’s get better at fuzzing in 2019 – here’s how
Fuzzing is a Quality Assurance and security testing technique that provides unexpected, often random data to a program input to try to break it. Natalie Silvanovich from Google’s Project Zero team has had quite some fun fuzzing various different RTP implementations recently.
She found vulnerabilities in:
- WebRTC — mostly issues in the RTP payload
- Facetime – a few out-of-bounds, stack corruption, and heap corruption issues
- Whatsapp and what didn’t work
In a nutshell, she found a bunch of vulnerabilities just by throwing unexpected input at parsers. The range of applications which were vulnerable to this shows that the WebRTC/VoIP community does not yet have a process for doing this work ourselves. Meanwhile, the WebRTC folks at Google will have to improve their processes as well.