Application Security This Week for March 10

The NSA has open-sourced their internal reverse engineering tool.  It's so good that many consultants I know and trust have moved to it from IDA.

https://ghidra-sre.org/

 

This is a great story from the Verge that reminds us all to occasionally look at the ANSI alphabet for attacks ... and passwords.

https://www.theverge.com/tldr/2019/3/5/18252150/bad-password-security-data-breach-taiwan-ji32k7au4a83-have-i-been-pwned

 

Remember that guy, who might or might not write this blog, who said that SPECTRE isn't a real vulnerability and it will never be exploitable?  Well, he was wrong.  Again.

https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/

 

In the department of Standing On The Shoulders of Giants, we have a ring of GitHub accounts that are promoting forked and backdoored versions of popular software.

https://www.zdnet.com/article/researchers-uncover-ring-of-github-accounts-promoting-300-backdoored-apps/

 

And that's the news!

 


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
