
Difference between revisions of "Podcast News"

Line 1: Line 1:
'''[[Podcast_News|OWASP Podcast News]]'''
+
'''[[Podcast_News|OWASP Podcast News]]'''  
  
OWASP NEWS October 2009<br/>
+
OWASP NEWS October 2009<br>  
  
==OWASP Podcast Roundtable ==
+
== OWASP Podcast Roundtable ==
  
'''Next Recording : January 22, 2010'''
+
'''Next Recording&nbsp;: January 22, 2010'''  
  
====[Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack====
+
==== [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack ====
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
 
  
--> holey OS code, Batman! how do you even start to get a handle on this
+
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
bugger? this isn't web app specific, but it squarely hits secure coding
 
between the eyes. how does a bug like this survive for 17 years?
 
  
====Top Ten Web Hacking Techniques of 2009 (Official)====
+
''Discussion'':&nbsp;holey OS code, Batman! how do you even start to get a handle on this bugger? this isn't web app specific, but it squarely hits secure coding between the eyes. how does a bug like this survive for 17 years?
http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
 
  
--> do you agree? anything jump out? any good back-stories?
+
==== Top Ten Web Hacking Techniques of 2009 (Official)  ====
  
====Google: A new approach to China====
+
http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html  
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
 
  
--> is this important news? how does this affect the development
+
''Discussion'':&nbsp;do you agree? anything jump out? any good back-stories?  
community, particularly by extension? has anything really changed?
 
  
====Google, China, "Aurora", and Advanced Persistent Threat====
+
==== Google, China, "Aurora", and Advanced Persistent Threat ====
(this makes me want to start chanting "lions and tigers and bears - OH
 
MY!":)
 
  
Operation “Aurora” Hit Google, Others
+
(''this makes me want to start chanting "lions and tigers and bears - OH MY!"'')
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/
 
  
Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
+
Google: A new approach to China<br> http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
http://www.wired.com/threatlevel/2010/01/hack-of-adob/
 
  
Microsoft Security Advisory (979352)
+
Operation “Aurora” Hit Google, Others<br> http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/  
Vulnerability in Internet Explorer Could Allow Remote Code Execution
 
http://www.microsoft.com/technet/security/advisory/979352.mspx
 
  
Google v China
+
Hack of Google, Adobe Conducted Through Zero-Day IE Flaw<br> http://www.wired.com/threatlevel/2010/01/hack-of-adob/
http://taosecurity.blogspot.com/2010/01/google-v-china.html
 
  
Web-based systems vs. Advanced Persistent Threat
+
Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution<br> http://www.microsoft.com/technet/security/advisory/979352.mspx
http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html
 
  
--> A new IE 0-day brings mega-tech-corps to their knees. France and
+
Google v China<br> http://taosecurity.blogspot.com/2010/01/google-v-china.html
Germany respond by recommending against the use of IE altogether. Is
 
this news? with so many IE6 apps still in use today, does it even matter?
 
  
--> this is also the source of a couple potential buzzword winners for
+
Web-based systems vs. Advanced Persistent Threat<br> http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html
2010... "Operation Aurora" and "advanced persistent threat"...
 
  
====Microsoft Advances Search Privacy with Bing====
+
''Discussion'':&nbsp;is this important news? how does this affect the development community, particularly by extension? has anything really changed?
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
 
  
--> is this really that big a deal? do they really need the IP address
+
''Discussion'':&nbsp;A new IE 0-day brings mega-tech-corps to their knees. France and Germany respond by recommending against the use of IE altogether. Is this news? with so many IE6 apps still in use today, does it even matter?  
at all? is this doing enough, or does it fall far short?
 
  
====Microsoft Seeks New Legal Framework For Cloud====
+
''Discussion'':&nbsp;this is also the source of a couple potential buzzword winners for 2010... "Operation Aurora" and "advanced persistent threat"...  
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter
 
  
--> what sort of legislation/regulation do we need? what would be
+
==== Microsoft Advances Search Privacy with Bing  ====
useful? we all know, I think, that's it going to happen one way or
+
 
another. the question is what is and isn't useful.
+
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
 +
 
 +
''Discussion'':&nbsp;is this really that big a deal? do they really need the IP address at all? is this doing enough, or does it fall far short?
 +
 
 +
==== Microsoft Seeks New Legal Framework For Cloud  ====
 +
 
 +
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&amp;cid=IWK_Government-Twitter
 +
 
 +
''Discussion'':&nbsp;what sort of legislation/regulation do we need? what would be useful? we all know, I think, that's it going to happen one way or another. the question is what is and isn't useful.
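
Review bot: In the rewritten Aurora section, the former "Google: A new approach to China" heading is folded into the link list, so its prompt ("is this important news? how does this affect the development community...") now follows the whole run of links as the first of three consecutive ''Discussion'' paragraphs, with nothing tying it to the Google post. Either keep the Google item as its own ==== heading or place that prompt directly under the Google link. Two smaller points on touched lines: the "OWASP NEWS October 2009" line only changes its br tag while the next recording is listed as January 22, 2010, so the month label looks stale; and "that's it going to happen" in the final ''Discussion'' line is carried over unchanged where "that it's going to happen" reads as intended.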

Revision as of 21:57, 20 January 2010

OWASP Podcast News

OWASP NEWS October 2009

OWASP Podcast Roundtable

Next Recording: January 22, 2010

[Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack

http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html

Discussion: holey OS code, Batman! how do you even start to get a handle on this bugger? this isn't web app specific, but it squarely hits secure coding between the eyes. how does a bug like this survive for 17 years?

Top Ten Web Hacking Techniques of 2009 (Official)

http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html

Discussion: do you agree? anything jump out? any good back-stories?

Google, China, "Aurora", and Advanced Persistent Threat

(this makes me want to start chanting "lions and tigers and bears - OH MY!")

Google: A new approach to China
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

Operation “Aurora” Hit Google, Others
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/

Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
http://www.wired.com/threatlevel/2010/01/hack-of-adob/

Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/979352.mspx

Google v China
http://taosecurity.blogspot.com/2010/01/google-v-china.html

Web-based systems vs. Advanced Persistent Threat
http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html

Discussion: is this important news? how does this affect the development community, particularly by extension? has anything really changed?

Discussion: A new IE 0-day brings mega-tech-corps to their knees. France and Germany respond by recommending against the use of IE altogether. Is this news? with so many IE6 apps still in use today, does it even matter?

Discussion: this is also the source of a couple potential buzzword winners for 2010... "Operation Aurora" and "advanced persistent threat"...

Microsoft Advances Search Privacy with Bing

http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx

Discussion: is this really that big a deal? do they really need the IP address at all? is this doing enough, or does it fall far short?

Microsoft Seeks New Legal Framework For Cloud

http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter

Discussion: what sort of legislation/regulation do we need? what would be useful? we all know, I think, that it's going to happen one way or another. the question is what is and isn't useful.