This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Podcast News"

From OWASP
Jump to: navigation, search
m
m (OWASP Podcast Roundtable)
 
(18 intermediate revisions by 3 users not shown)
Line 1: Line 1:
'''[[Podcast_News|OWASP Podcast News]]'''
+
'''[[Podcast_News|OWASP Podcast News]]'''  
  
OWASP NEWS October 2009<br/>
+
OWASP NEWS 2010<br>  
  
==OWASP Podcast Roundtable ==
+
== OWASP Podcast Roundtable ==
  
'''Next Recording : January 22, 2010'''
+
'''Next Recording&nbsp;: Week of August 30, 2010. Day and Time TBD'''
  
====[Full-disclosure] Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack====
+
Suggested Topics:
http://archives.neohapsis.com/archives/fulldisclosure/2010-01/0346.html
 
  
--> holey OS code, Batman! how do you even start to get a handle on this
+
# Is application security "a science" or a "hobby"?
bugger? this isn't web app specific, but it squarely hits secure coding
+
# Do script kiddies, Ninjas, 3l1t3z, etc make a mockery of a serious business?
between the eyes. how does a bug like this survive for 17 years?
+
# Is AppSec becoming a commodity service, what disciplines require skill and experience?
 
+
# ?
====Top Ten Web Hacking Techniques of 2009 (Official)====
+
# ?
http://jeremiahgrossman.blogspot.com/2010/01/top-ten-web-hacking-techniques-of-2009.html
+
# ?
 
 
--> do you agree? anything jump out? any good back-stories?
 
 
 
====Google: A new approach to China====
 
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
 
 
 
--> is this important news? how does this affect the development
 
community, particularly by extension? has anything really changed?
 
 
 
====Google, China, "Aurora", and Advanced Persistent Threat====
 
(this makes me want to start chanting "lions and tigers and bears - OH
 
MY!":)
 
 
 
Operation “Aurora” Hit Google, Others
 
http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/
 
 
 
Hack of Google, Adobe Conducted Through Zero-Day IE Flaw
 
http://www.wired.com/threatlevel/2010/01/hack-of-adob/
 
 
 
Microsoft Security Advisory (979352)
 
Vulnerability in Internet Explorer Could Allow Remote Code Execution
 
http://www.microsoft.com/technet/security/advisory/979352.mspx
 
 
 
Google v China
 
http://taosecurity.blogspot.com/2010/01/google-v-china.html
 
 
 
Web-based systems vs. Advanced Persistent Threat
 
http://jeremiahgrossman.blogspot.com/2010/01/web-based-systems-vs-advanced.html
 
 
 
--> A new IE 0-day brings mega-tech-corps to their knees. France and
 
Germany respond by recommending against the use of IE altogether. Is
 
this news? with so many IE6 apps still in use today, does it even matter?
 
 
 
--> this is also the source of a couple potential buzzword winners for
 
2010... "Operation Aurora" and "advanced persistent threat"...
 
 
 
====Microsoft Advances Search Privacy with Bing====
 
http://microsoftontheissues.com/cs/blogs/mscorp/archive/2010/01/18/microsoft-advances-search-privacy-with-bing.aspx
 
 
 
--> is this really that big a deal? do they really need the IP address
 
at all? is this doing enough, or does it fall far short?
 
 
 
====Microsoft Seeks New Legal Framework For Cloud====
 
http://www.informationweek.com/news/government/policy/showArticle.jhtml?articleID=222301657&cid=IWK_Government-Twitter
 
 
 
--> what sort of legislation/regulation do we need? what would be
 
useful? we all know, I think, that's it going to happen one way or
 
another. the question is what is and isn't useful.
 

Latest revision as of 16:59, 26 August 2010

OWASP Podcast News

OWASP NEWS 2010

OWASP Podcast Roundtable

Next Recording : Week of August 30, 2010. Day and Time TBD

Suggested Topics:

  1. Is application security "a science" or a "hobby"?
  2. Do script kiddies, Ninjas, 3l1t3z, etc make a mockery of a serious business?
  3. Is AppSec becoming a commodity service, what disciplines require skill and experience?
  4.  ?
  5.  ?
  6.  ?