This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Podcast News"
From OWASP
m (→OWASP Podcast Roundtable) |
(→article ideas for discussion) |
||
| Line 8: | Line 8: | ||
===article ideas for discussion=== | ===article ideas for discussion=== | ||
| + | <PRE>1) [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users | ||
| + | to Switch Kernel Stack | ||
| + | <A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html</A> | ||
| − | + | --> holey OS code, Batman! how do you even start to get a handle on this | |
| − | |||
| − | |||
| − | |||
bugger? this isn't web app specific, but it squarely hits secure coding | bugger? this isn't web app specific, but it squarely hits secure coding | ||
between the eyes. how does a bug like this survive for 17 years? | between the eyes. how does a bug like this survive for 17 years? | ||
| − | |||
| − | |||
| − | + | 2) Top Ten Web Hacking Techniques of 2009 (Official) | |
| − | http://googleblog.blogspot.com/2010/01/new-approach-to-china.html | + | <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html">http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html</A> |
| − | is this important news? how does this affect the development | + | |
| + | --> do you agree? anything jump out? any good back-stories? | ||
| + | |||
| + | 3) Google: A new approach to China | ||
| + | <A HREF="http://googleblog.blogspot.com/2010/01/new-approach-to-china.html">http://googleblog.blogspot.com/2010/01/new-approach-to-china.html</A> | ||
| + | |||
| + | --> is this important news? how does this affect the development | ||
community, particularly by extension? has anything really changed? | community, particularly by extension? has anything really changed? | ||
| − | + | 4) Google, China, "Aurora", and Advanced Persistent Threat | |
| − | (this makes me want to start chanting | + | (this makes me want to start chanting "lions and tigers and bears - OH |
| − | MY! | + | MY!":) |
| − | Operation | + | |
| − | http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/ | + | Operation “Aurora” Hit Google, Others |
| + | <A HREF="http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/">http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/</A> | ||
Hack of Google, Adobe Conducted Through Zero-Day IE Flaw | Hack of Google, Adobe Conducted Through Zero-Day IE Flaw | ||
| − | http://www.wired.com/threatlevel/2010/01/hack-of-adob/ | + | <A HREF="http://www.wired.com/threatlevel/2010/01/hack-of-adob/">http://www.wired.com/threatlevel/2010/01/hack-of-adob/</A> |
Microsoft Security Advisory (979352) | Microsoft Security Advisory (979352) | ||
Vulnerability in Internet Explorer Could Allow Remote Code Execution | Vulnerability in Internet Explorer Could Allow Remote Code Execution | ||
| − | http://www.microsoft.com/technet/security/advisory/979352.mspx | + | <A HREF="http://www.microsoft.com/technet/security/advisory/979352.mspx">http://www.microsoft.com/technet/security/advisory/979352.mspx</A> |
Google v China | Google v China | ||
| − | http://taosecurity.blogspot.com/2010/01/google-v-china.html | + | <A HREF="http://taosecurity.blogspot.com/2010/01/google-v-china.html">http://taosecurity.blogspot.com/2010/01/google-v-china.html</A> |
Web-based systems vs. Advanced Persistent Threat | Web-based systems vs. Advanced Persistent Threat | ||
| − | http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html | + | <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html">http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html</A> |
| − | -- | + | --> A new IE 0-day brings mega-tech-corps to their knees. France and |
Germany respond by recommending against the use of IE altogether. Is | Germany respond by recommending against the use of IE altogether. Is | ||
this news? with so many IE6 apps still in use today, does it even matter? | this news? with so many IE6 apps still in use today, does it even matter? | ||
| − | -- | + | --> this is also the source of a couple potential buzzword winners for |
| − | 2010... | + | 2010... "Operation Aurora" and "advanced persistent threat"... |
| − | + | 5) Microsoft Advances Search Privacy with Bing | |
| − | http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx | + | <A HREF="http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx">http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx</A> |
| − | is this really that big a deal? do they really need the IP address | + | --> is this really that big a deal? do they really need the IP address |
at all? is this doing enough, or does it fall far short? | at all? is this doing enough, or does it fall far short? | ||
| − | + | 6) Microsoft Seeks New Legal Framework For Cloud | |
| − | http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter | + | <A HREF="http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter">http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter</A> |
| − | -- | + | --> what sort of legislation/regulation do we need? what would be |
useful? we all know, I think, that's it going to happen one way or | useful? we all know, I think, that's it going to happen one way or | ||
another. the question is what is and isn't useful. | another. the question is what is and isn't useful. | ||
| + | |||
| + | </PRE> | ||
Revision as of 21:23, 20 January 2010
OWASP Podcast News
OWASP NEWS October 2010
OWASP Podcast Roundtable
Next Recording : January 21, 2010
article ideas for discussion
1) [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack <A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html</A> --> holey OS code, Batman! how do you even start to get a handle on this bugger? this isn't web app specific, but it squarely hits secure coding between the eyes. how does a bug like this survive for 17 years? 2) Top Ten Web Hacking Techniques of 2009 (Official) <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html">http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html</A> --> do you agree? anything jump out? any good back-stories? 3) Google: A new approach to China <A HREF="http://googleblog.blogspot.com/2010/01/new-approach-to-china.html">http://googleblog.blogspot.com/2010/01/new-approach-to-china.html</A> --> is this important news? how does this affect the development community, particularly by extension? has anything really changed? 4) Google, China, "Aurora", and Advanced Persistent Threat (this makes me want to start chanting "lions and tigers and bears - OH MY!":) Operation “Aurora” Hit Google, Others <A HREF="http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/">http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/</A> Hack of Google, Adobe Conducted Through Zero-Day IE Flaw <A HREF="http://www.wired.com/threatlevel/2010/01/hack-of-adob/">http://www.wired.com/threatlevel/2010/01/hack-of-adob/</A> Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution <A HREF="http://www.microsoft.com/technet/security/advisory/979352.mspx">http://www.microsoft.com/technet/security/advisory/979352.mspx</A> Google v China <A HREF="http://taosecurity.blogspot.com/2010/01/google-v-china.html">http://taosecurity.blogspot.com/2010/01/google-v-china.html</A> Web-based systems vs. Advanced Persistent Threat <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html">http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html</A> --> A new IE 0-day brings mega-tech-corps to their knees. France and Germany respond by recommending against the use of IE altogether. Is this news? with so many IE6 apps still in use today, does it even matter? --> this is also the source of a couple potential buzzword winners for 2010... "Operation Aurora" and "advanced persistent threat"... 5) Microsoft Advances Search Privacy with Bing <A HREF="http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx">http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx</A> --> is this really that big a deal? do they really need the IP address at all? is this doing enough, or does it fall far short? 6) Microsoft Seeks New Legal Framework For Cloud <A HREF="http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter">http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter</A> --> what sort of legislation/regulation do we need? what would be useful? we all know, I think, that's it going to happen one way or another. the question is what is and isn't useful.
