Application Security This Week for October 20

Here is a good writeup on the overflow error found in libssh2

https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/

 

Speaking of bugs in old software, here's one in sudo.

https://www.openwall.com/lists/oss-security/2019/10/14/1

 

Using data analysis to further research into malware sources, with PDB paths. Pretty neat!

https://www.fireeye.com/blog/threat-research/2019/10/definitive-dossier-of-devilish-debug-details-part-deux.html

 

And in IoT security news, the Catholic church's eRosery (no I'm not kidding) has a number of significant flaws.

https://www.msn.com/en-us/news/technology/vatican-s-wearable-rosary-gets-fix-for-app-flaw-allowing-easy-hacks/ar-AAIZICz?ocid=ARWLCHR

https://www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/

 

That's the news, folks!

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList