ASW Episode11

From Paul's Security Weekly

Application Security Weekly #11

Recorded April 6th, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
    • We’ve recently added “The State of Security Education and Training” webcast with ITProTV & RWU to our content available On-Demand at: securityweekly.com/ondemand. This material is available free to our security weekly listeners and subscribers. Also, be sure to check out “The State of Penetration Testing” with BHIS and some other previously recorded webcasts you may have missed!
    • Bugcrowd is Hiring! After closing a Series C funding round at $26 Million, Bugcrowd is expanding headcount across the organization. Check out Bugcrowd.com/careers, or email Hoodie@SecurityWeekly.com to find out more.
    • Looking to hire Junior or Senior talent in the Boston area? There are a number of people from the DEFCON 617 Group interested in new opportunities - email Hoodie@SecurityWeekly.com to get connected with them!

    Topic:

    One Language to Rule Them All Node-based Operating System, NodeOS

    Learning & Tools

    1.) AMass - Subdomain Discovery tool

    2.) Pwn.JS Browser Exploitation library

    3.) Gron: make JSON Grep-able

    4.) "Selenium: Dark Side of the Moon" by Adam Reiser

    News

    Shout out to Daniel Miessler at IOActive for his Unsupervised Learning Bi-Weekly Newsletter

    Bugs, Breaches, and More!

    1.) Beep for Local Privilege Escalation

    2.) APFS Encrypted Plaintext Password found in ANOTHER (More Persistent!) macOS Log File

    3.) ‘Highly critical’ CMS bug has left over 1 million sites open to attack

    4.) Microsoft Rushes Out Fix for Major Hole Caused by Previous Meltdown Patch

    5.) Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed

    If you build it, they will come

    1.) 45 Million downloads for a JavaScript function that already exists

    2.) Cloudflare introduces DNS Resolver 1.1.1.1

    3.) Criminals are Hijacking your Computer to mine Cryptocurrency

    4.) Google Chrome is scanning your Windows system for viruses (Kelly Shortridge discovery)

    5.) Slack’s new policy lets bosses read employees’ DMs without consent

    Food for Thought

    1.) Google releases its own JavaScript Style Guide

    2.) Apple Plans to Use Its Own Chips in Macs From 2020, Replacing Intel

    3.) Aiming to fill skill gaps in AI, Microsoft makes training courses available to the public

    4.) Georgia Passes Anti-Infosec Legislation

    5.) The Reason Software Remains Insecure

    6.) NASA receives response from Voyager 1 spacecraft 13 billion miles away after 37 years of inactivity

    7.) Run Less Software

    8.) Commit Strip - Storing Data

    9.) Commit Strip - A Story about Full-Stack Javascript

