(22 intermediate revisions by 3 users not shown) |
Line 1: |
Line 1: |
− | '''[[Podcast_News|OWASP Podcast News]]''' | + | '''[[Podcast_News|OWASP Podcast News]]''' |
| | | |
− | OWASP NEWS October 2010<br/> | + | OWASP NEWS 2010<br> |
| | | |
− | ==OWASP Podcast Roundtable == | + | == OWASP Podcast Roundtable == |
| | | |
− | '''Next Recording : January 21, 2010''' | + | '''Next Recording : Week of August 30, 2010. Day and Time TBD''' |
| | | |
− | ack! gee, thanks a lot for that disturbing image... *shudder* and you
| + | Suggested Topics: |
− | thought sleep deprivation had done weird things to you! :)
| |
| | | |
− | article ideas for discussion:
| + | # Is application security "a science" or a "hobby"? |
− | | + | # Do script kiddies, Ninjas, 3l1t3z, etc make a mockery of a serious business? |
− | 1) [Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users
| + | # Is AppSec becoming a commodity service, what disciplines require skill and experience? |
− | to Switch Kernel Stack
| + | # ? |
− | http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
| + | # ? |
− | | + | # ? |
− | --> holey OS code, Batman! how do you even start to get a handle on this
| |
− | bugger? this isn't web app specific, but it squarely hits secure coding
| |
− | between the eyes. how does a bug like this survive for 17 years?
| |
− | | |
− | | |
− | 2) Top Ten Web Hacking Techniques of 2009 (Official)
| |
− | http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
| |
− | | |
− | --> do you agree? anything jump out? any good back-stories?
| |
− | | |
− | | |
− | 3) Google: A new approach to China
| |
− | http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
| |
− | | |
− | --> is this important news? how does this affect the development
| |
− | community, particularly by extension? has anything really changed?
| |
− | | |
− | | |
− | 4) Google, China, "Aurora", and Advanced Persistent Threat
| |
− | (this makes me want to start chanting "lions and tigers and bears - OH
| |
− | MY!":)
| |
− | | |
− | Operation “Aurora” Hit Google, Others
| |
− | http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/
| |
− | | |
− | Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
| |
− | http://www.wired.com/threatlevel/2010/01/hack-of-adob/
| |
− | | |
− | Microsoft Security Advisory (979352)
| |
− | Vulnerability in Internet Explorer Could Allow Remote Code Execution
| |
− | http://www.microsoft.com/technet/security/advisory/979352.mspx
| |
− | | |
− | Google v China
| |
− | http://taosecurity.blogspot.com/2010/01/google-v-china.html
| |
− | | |
− | Web-based systems vs. Advanced Persistent Threat
| |
− | http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html
| |
− | | |
− | --> A new IE 0-day brings mega-tech-corps to their knees. France and
| |
− | Germany respond by recommending against the use of IE altogether. Is
| |
− | this news? with so many IE6 apps still in use today, does it even matter?
| |
− | | |
− | --> this is also the source of a couple potential buzzword winners for
| |
− | 2010... "Operation Aurora" and "advanced persistent threat"...
| |
− | | |
− | | |
− | 5) Microsoft Advances Search Privacy with Bing
| |
− | http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
| |
− | | |
− | --> is this really that big a deal? do they really need the IP address
| |
− | at all? is this doing enough, or does it fall far short?
| |
− | | |
− | | |
− | 6) Microsoft Seeks New Legal Framework For Cloud
| |
− | http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter
| |
− | | |
− | --> what sort of legislation/regulation do we need? what would be
| |
− | useful? we all know, I think, that's it going to happen one way or
| |
− | another. the question is what is and isn't useful.
| |
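Review bot: The new "Suggested Topics" list ends with three placeholder items ("# ?"), which will render as numbered entries 4 to 6 containing only a question mark; drop them or fill them in with real topics before saving. The title line also goes from "OWASP NEWS October 2010" to "OWASP NEWS 2010", losing the month even though the next recording is now set for the week of August 30, 2010, so consider naming the month there. The removed side carried a source link for every discussion item, while the new topics cite nothing; a reference or two per topic would give participants something to prepare from.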