Bill Sempf
Here is a good writeup on the overflow error found in libssh2.
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
Speaking of bugs in old software, here's one in sudo.
https://www.openwall.com/lists/oss-security/2019/10/14/1
Using data analysis to further research into malware sources, with PDB paths. Pretty neat!
https://www.fireeye.com/blog/threat-research/2019/10/definitive-dossier-of-devilish-debug-details-part-deux.html
And in IoT security news, the Catholic church's eRosary (no, I'm not kidding) has a number of significant flaws.
https://www.msn.com/en-us/news/technology/vatican-s-wearable-rosary-gets-fix-for-app-flaw-allowing-easy-hacks/ar-AAIZICz?ocid=ARWLCHR
https://www.theregister.co.uk/2019/10/18/vatican_erosary_insecure/
That's the news, folks!