| (20 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| − | '''[[Podcast_News|OWASP Podcast News]]''' | + | '''[[Podcast_News|OWASP Podcast News]]''' |
| | | | |
| − | OWASP NEWS October 2010<br/> | + | OWASP NEWS 2010<br> |
| | | | |
| − | ==OWASP Podcast Roundtable == | + | == OWASP Podcast Roundtable == |
| | | | |
| − | '''Next Recording : January 21, 2010''' | + | '''Next Recording : Week of August 30, 2010. Day and Time TBD''' |
| | | | |
| − | ===article ideas for discussion===
| + | Suggested Topics: |
| − | <PRE>1) [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users
| |
| − | to Switch Kernel Stack
| |
| − | <A HREF="http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html">http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html</A>
| |
| | | | |
| − | --> holey OS code, Batman! how do you even start to get a handle on this
| + | # Is application security "a science" or a "hobby"? |
| − | bugger? this isn't web app specific, but it squarely hits secure coding
| + | # Do script kiddies, Ninjas, 3l1t3z, etc make a mockery of a serious business? |
| − | between the eyes. how does a bug like this survive for 17 years?
| + | # Is AppSec becoming a commodity service, what disciplines require skill and experience? |
| − | | + | # ? |
| − | | + | # ? |
| − | 2) Top Ten Web Hacking Techniques of 2009 (Official)
| + | # ? |
| − | <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html">http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html</A>
| |
| − | | |
| − | --> do you agree? anything jump out? any good back-stories?
| |
| − | | |
| − | 3) Google: A new approach to China
| |
| − | <A HREF="http://googleblog.blogspot.com/2010/01/new-approach-to-china.html">http://googleblog.blogspot.com/2010/01/new-approach-to-china.html</A>
| |
| − | | |
| − | --> is this important news? how does this affect the development
| |
| − | community, particularly by extension? has anything really changed?
| |
| − | | |
| − | 4) Google, China, "Aurora", and Advanced Persistent Threat
| |
| − | (this makes me want to start chanting "lions and tigers and bears - OH
| |
| − | MY!":)
| |
| − | | |
| − | Operation “Aurora” Hit Google, Others
| |
| − | <A HREF="http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/">http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/</A>
| |
| − | | |
| − | Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
| |
| − | <A HREF="http://www.wired.com/threatlevel/2010/01/hack-of-adob/">http://www.wired.com/threatlevel/2010/01/hack-of-adob/</A>
| |
| − | | |
| − | Microsoft Security Advisory (979352)
| |
| − | Vulnerability in Internet Explorer Could Allow Remote Code Execution
| |
| − | <A HREF="http://www.microsoft.com/technet/security/advisory/979352.mspx">http://www.microsoft.com/technet/security/advisory/979352.mspx</A>
| |
| − | | |
| − | Google v China
| |
| − | <A HREF="http://taosecurity.blogspot.com/2010/01/google-v-china.html">http://taosecurity.blogspot.com/2010/01/google-v-china.html</A>
| |
| − | | |
| − | Web-based systems vs. Advanced Persistent Threat
| |
| − | <A HREF="http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html">http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html</A>
| |
| − | | |
| − | --> A new IE 0-day brings mega-tech-corps to their knees. France and
| |
| − | Germany respond by recommending against the use of IE altogether. Is
| |
| − | this news? with so many IE6 apps still in use today, does it even matter?
| |
| − | | |
| − | --> this is also the source of a couple potential buzzword winners for
| |
| − | 2010... "Operation Aurora" and "advanced persistent threat"...
| |
| − | | |
| − | 5) Microsoft Advances Search Privacy with Bing
| |
| − | <A HREF="http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx">http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx</A>
| |
| − | | |
| − | --> is this really that big a deal? do they really need the IP address
| |
| − | at all? is this doing enough, or does it fall far short?
| |
| − | | |
| − | 6) Microsoft Seeks New Legal Framework For Cloud
| |
| − | <A HREF="http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter">http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter</A>
| |
| − | | |
| − | --> what sort of legislation/regulation do we need? what would be
| |
| − | useful? we all know, I think, that's it going to happen one way or
| |
| − | another. the question is what is and isn't useful.
| |
| − | | |
| − | </PRE>
| |
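Review bot: the last three entries of the new "Suggested Topics" list are bare `# ?` placeholders, which render as numbered items containing only a question mark; drop them until real topics exist, or replace them with a single line inviting suggestions. In the same hunk the date line changes from "OWASP NEWS October 2010" to "OWASP NEWS 2010", losing the month while the next recording is given as the week of August 30, 2010, so it would be clearer to state the intended month. The removed January article-ideas block, including its reference links to the Microsoft advisory 979352 and Aurora write-ups, is deleted outright rather than moved; if those links are still wanted, move them to an archive section or page instead of relying on the revision history.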