This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Podcast News"

From OWASP
Jump to: navigation, search
m
m (OWASP Podcast Roundtable)
Line 7: Line 7:
 
'''Next Recording : January 21, 2010'''
 
'''Next Recording : January 21, 2010'''
  
ack! gee, thanks a lot for that disturbing image... *shudder* and you
+
===article ideas for discussion===
thought sleep deprivation had done weird things to you! :)
 
  
article ideas for discussion:
+
# [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users
 
 
1) [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users
 
 
to Switch Kernel Stack
 
to Switch Kernel Stack
 
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
 
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
 
+
** holey OS code, Batman! how do you even start to get a handle on this
--> holey OS code, Batman! how do you even start to get a handle on this
 
 
bugger? this isn't web app specific, but it squarely hits secure coding
 
bugger? this isn't web app specific, but it squarely hits secure coding
 
between the eyes. how does a bug like this survive for 17 years?
 
between the eyes. how does a bug like this survive for 17 years?
  
 +
# Top Ten Web Hacking Techniques of 2009 (Official) http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
 +
do you agree? anything jump out? any good back-stories?
  
2) Top Ten Web Hacking Techniques of 2009 (Official)
+
# Google: A new approach to China
http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
 
 
 
--> do you agree? anything jump out? any good back-stories?
 
 
 
 
 
3) Google: A new approach to China
 
 
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
 
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
 
+
is this important news? how does this affect the development
--> is this important news? how does this affect the development
 
 
community, particularly by extension? has anything really changed?
 
community, particularly by extension? has anything really changed?
  
 
+
# Google, China, "Aurora", and Advanced Persistent Threat
4) Google, China, "Aurora", and Advanced Persistent Threat
 
 
(this makes me want to start chanting "lions and tigers and bears - OH
 
(this makes me want to start chanting "lions and tigers and bears - OH
 
MY!":)
 
MY!":)
 
 
Operation “Aurora” Hit Google, Others
 
Operation “Aurora” Hit Google, Others
 
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/
 
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/
Line 61: Line 50:
 
2010... "Operation Aurora" and "advanced persistent threat"...
 
2010... "Operation Aurora" and "advanced persistent threat"...
  
 
+
# Microsoft Advances Search Privacy with Bing
5) Microsoft Advances Search Privacy with Bing
 
 
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
 
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
  
--> is this really that big a deal? do they really need the IP address
+
is this really that big a deal? do they really need the IP address
 
at all? is this doing enough, or does it fall far short?
 
at all? is this doing enough, or does it fall far short?
  
 
+
# Microsoft Seeks New Legal Framework For Cloud
6) Microsoft Seeks New Legal Framework For Cloud
 
 
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter
 
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter
  

Revision as of 21:19, 20 January 2010

OWASP Podcast News

OWASP NEWS October 2010

OWASP Podcast Roundtable

Next Recording : January 21, 2010

article ideas for discussion

  1. [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users

to Switch Kernel Stack http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html

    • holey OS code, Batman! how do you even start to get a handle on this

bugger? this isn't web app specific, but it squarely hits secure coding between the eyes. how does a bug like this survive for 17 years?

  1. Top Ten Web Hacking Techniques of 2009 (Official) http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html

do you agree? anything jump out? any good back-stories?

  1. Google: A new approach to China

http://googleblog.blogspot.com/2010/01/new-approach-to-china.html is this important news? how does this affect the development community, particularly by extension? has anything really changed?

  1. Google, China, "Aurora", and Advanced Persistent Threat

(this makes me want to start chanting "lions and tigers and bears - OH MY!":) Operation “Aurora” Hit Google, Others http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/

Hack of Google, Adobe Conducted Through Zero-Day IE Flaw http://www.wired.com/threatlevel/2010/01/hack-of-adob/

Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/979352.mspx

Google v China http://taosecurity.blogspot.com/2010/01/google-v-china.html

Web-based systems vs. Advanced Persistent Threat http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html

--> A new IE 0-day brings mega-tech-corps to their knees. France and Germany respond by recommending against the use of IE altogether. Is this news? with so many IE6 apps still in use today, does it even matter?

--> this is also the source of a couple potential buzzword winners for 2010... "Operation Aurora" and "advanced persistent threat"...

  1. Microsoft Advances Search Privacy with Bing

http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx

is this really that big a deal? do they really need the IP address at all? is this doing enough, or does it fall far short?

  1. Microsoft Seeks New Legal Framework For Cloud

http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter

--> what sort of legislation/regulation do we need? what would be useful? we all know, I think, that's it going to happen one way or another. the question is what is and isn't useful.