|
|
(10 intermediate revisions by the same user not shown) |
Line 5: |
Line 5: |
| == OWASP Podcast Roundtable == | | == OWASP Podcast Roundtable == |
| | | |
− | '''Next Recording : February 16, 2010''' | + | '''Next Recording : Week of August 30, 2010. Day and Time TBD''' |
| | | |
− | ==== US Cybersecurity Bill ====
| + | Suggested Topics: |
| | | |
− | [http://www.theregister.co.uk/2010/02/04/house_cybersecurity_bill/ http://www.theregister.co.uk/2010/02/04/house_cybersecurity_bill/]
| + | # Is application security "a science" or a "hobby"? |
− | | + | # Do script kiddies, Ninjas, 3l1t3z, etc make a mockery of a serious business? |
− | The US House of Representatives has overwhelmingly passed a bill that would direct almost $400m toward research designed to shore up the nation's cybersecurity defenses.
| + | # Is AppSec becoming a commodity service, what disciplines require skill and experience? |
− | | + | # ? |
− | The Cybersecurity Enhancement Act would authorize $108.7m over five years to establish a cybersecurity scholarship program. In return, students would serve in federal government posts upon graduation.
| + | # ? |
− | | + | # ? |
− | ==== Microsoft's 1999 "Secure Windows Initiative" ====
| |
− | | |
− | Proof that Microsoft's 1999 "Secure Windows Initiative" and 2002 "Trustworthy Computing" have provided immutably secure software:
| |
− | | |
− | ===== New IE zero-day : IE Flaw Allows File Access =====
| |
− | (February 3 & 4, 2010)
| |
− | | |
− | Microsoft has issued a security advisory warning of a vulnerability in Internet Explorer (IE) that affects users running Windows XP or who have disabled IE Protected Mode. The vulnerability essentially turns vulnerable computers into "public file server[s];" attackers can exploit the flaw to access files with known filenames and locations if they trick users into visiting specially-crafted websites. The vulnerability is the result of incorrectly rendering local files in the browser. It affects IE 5.01 and IE 6 on Windows 2000; IE 6 on Windows 2000 SP 4; and IE 6, 7 & 8 on Windows XP and Windows Server 2003.
| |
− | http://www.microsoft.com/technet/security/advisory/980088.mspx
| |
− | http://www.theregister.co.uk/2010/02/04/ms_browser_bug/
| |
− | http://www.computerworld.com/s/article/9151838/IE_flaw_gives_hackers_access_to_user_files_Microsoft_says?taxonomyId=17
| |
− | | |
− | ===== Google to Drop IE 6 Support =====
| |
− | | |
− | (February 3, 2010)
| |
− | Google has announced that as of March 1, 2010, its applications will no longer support Internet Explorer 6 (IE 6). Although Google did not say so directly, the decision may have been influenced by recently disclosed attacks against Google and other US companies that exploited a vulnerability in IE 6. The attacks prompted public warnings in Germany, France and Australia against using IE 6.
| |
− | http://www.msnbc.msn.com/id/35219388/ns/technology_and_science-security/
| |
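Review bot: the new "Suggested Topics" list ends with three bare "# ?" placeholder entries, which will show up as numbered items containing only a question mark. Drop them until real topics are proposed, or replace them with a single line inviting additions. The same revision deletes the whole February agenda, including the links to Microsoft advisory 980088 and the related press coverage. If those notes are meant to remain available for the earlier recording, move them to an archive section rather than removing them. The new recording line also still reads "Day and Time TBD" and will need a follow-up edit once the slot is fixed.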