Application Security This Week for May 24

Happy Memorial Day! Take a minute to learn something new about the seven branches of the US Military (see, you learned something already).

https://www.defense.gov/Our-Story/Our-Forces/

 

A new decompiler for ... wait for it ... Visual Studio Code. Yup. Uses Ghidra and IDA Pro. Neat.

https://marketplace.visualstudio.com/items?itemName=tintinweb.vscode-decompiler

 

Tenable did a fantastic writeup of Signal's use of WebRTC, and how to abuse it.  Really good research.

https://medium.com/tenable-techblog/turning-signal-app-into-a-coarse-tracking-device-643eb4298447

 

Georgetown University published a paper (PDF) on ethics and Artificial Intelligence.

https://cset.georgetown.edu/wp-content/uploads/CSET-A-National-Security-Research-Agenda-for-Cybersecurity-and-Artificial-Intelligence.pdf

 

There was a Remote Code Execution vulnerability in Google's Cloud Deployment Manager.

https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html?m=1

There is also a username harvesting vulnerability in Azure Portal, but I'll handle that under separate cover.

 

Not appsec related, but very interesting.  Windows 10 got tcpdump. Now, it's not a conspiracy, it's a debugging tool. Geez, people.

https://www.bleepingcomputer.com/news/microsoft/windows-10-quietly-got-a-built-in-network-sniffer-how-to-use/

 

Hope everyone is doing well. Stay in touch.

S


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
