I've been reading about a serious vulnerability that was just identified in Google's QUIC protocol — the one that speeds up Chrome and Google services. Researchers from Purdue University found that it leaks the exact length of sensitive information being transmitted, which means an attacker could theoretically figure out the exact length of your password when you're signing into something like Gmail. That completely undermines the point of encryption, which is supposed to keep all that stuff confidential, including how long your password is. Google is already working on a patch through the IETF for HTTP/2, but it's a reminder that even the most widely used protocols can have unexpected flaws. If you want to read the full breakdown of the vulnerability and how it works, check out https://ringroadbug.com/ – it explains it better than I can. Definitely worth a read if you care about security.