Application Security This Week for December 20

by Bill Sempf 20. December 2020 13:40

So, hey, yeah, how are all of you.  Clearly SolarWinds has completely overwhelmed the news this week, so I have a couple of notes about that. To those of you who are having to deal with this, I am with you in spirit. Doing what I can here from The Bunker to help you out.


Here was my first indication there was a problem, I believe.  It's pretty old news now.

I spoke about Supply Chain problems at the Central Ohio .NET Developer's group in March.  Oddly timed.

MicroSolved has a good writeup you should read.

This is Microsoft's breakdown on DLL Injection.  For the record, I attended a BoF session on this at DefCon 15(!) and everyone I talked to blew it off.  Guess not.


Some other news, thank goodness.


Github is gonna ban passwords.


The NSA finally figured out that authentication systems are under attack.


And finally, a short article about memcpy.


That's the news, folks, have a great holiday and end-of-year. May your systems be secure and your code be frozen.



Comments are closed

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites