Application Security This Week for February 24

by Bill Sempf 24. February 2019 10:39

Cool PoC of the Mac vulnerability CVE-2018-4193, an RCE in WindowServer.


Terrifying vulnerability in an underlying component of Docker, Kubernetes, and other virtualization software leads to hypervisor breakdown.


An Oracle DMCA takedown of a Docker container leads to some interesting build awareness. Good Reddit thread.


A fourteen-year-old flaw was discovered in the encryption facility of WinRAR. Whoops. So much for the thousand-eyes-on-open-source theory.


Microsoft turbocharges GitHub's bug bounty program.


And that's the news!



Application Security This Week for February 17

by Bill Sempf 17. February 2019 12:56

A maintainer of the underlying runtime for Docker and Kubernetes reported a vulnerability.


Here is a PoC codebase for the above.  Well written too.


Hashcat can now crack any eight-character Windows password in two hours.


Interested in Bug Bounties?  Think they are all taken?  Facebook CSRF finding nets $25,000.


And that's the news.


Application Security This Week for February 10

by Bill Sempf 10. February 2019 16:33

Ullaakut on Reddit posted this toolset: Gorsair, a tool to remotely access the exposed Docker API of vulnerable Docker containers.  Works, too.


Someone already pwned TLS 1.3, for crying out loud.


Cool attack on CORS configuration in mobile devices.


RCE in LibreOffice. Not so free NOW, are ya?


And that's the news. Stay warm.


Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
