Application Security Weekly #40
Recorded November 19, 2018 at G-Unit Studios in Rhode Island!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to securityweekly.com/chronicle to register now!
- Sign up for Pandora Podcasting early access! Go to www.pandorapodcastbeta.splashthat.com to get access to our podcast on Pandora! The full release will be sometime in December.
Interview: John Kinsella, Qualys
Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after its acquisition of Layered Insight. His 20-year background includes security and network consulting, software development, and datacenter operations. John is active in Cloud Security Alliance, NIST, and CIS container security standards working groups, is a Member of the Apache Software Foundation, and a Linux user since 1992.
Bugs, Breaches, and More!
1.) Instagram leaks passwords to the Public
2.) Apple Warned about iPhone X Hack that Stole "Deleted" photo
3.) Clickjacking on Google MyAccount Worth $7,500
If you Build It, They Will Come
1.) Hacking Gmail's UX with From Fields
2.) Researchers discover Seven new Meltdown and Spectre attacks
3.) One and a half years of scanning GitHub for Sensitive Data
Learning & Tools
1.) James Wickett's thread on Open Source SAST options
2.) Kraken: A cross-platform Yara scanner built for Windows, Mac, FreeBSD, and Linux
3.) GitMiner: An advanced search tool for sensitive information stored in GitHub repos
Food for Thought
1.) What Surveillance Does to your Brain
2.) A bot now tells Financial Times reporters if they're only quoting Men
3.) CommitStrip: HTTP/3