Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS - SANS Internet Storm Center #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
podcast logo

ISC StormCast for Thursday, March 2nd 2017

A daily summary of network and system security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Thursday, March 2nd 2017
Length: 6:00 minutes
Today's Headline: #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

LDAP and STARTTLS
https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/

Wordpress NextGen Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html

Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/

Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/

Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/

Discussion

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Interested in attending one of my classes? See below for my current schedule.

Defending Web Applications Security EssentialsLas VegasSep 10th - Sep 15th 2017
IPv6 EssentialsLas VegasSep 16th - Sep 17th 2017
Intrusion Detection In-DepthBaltimoreSep 25th - Sep 30th 2017
Intrusion Detection In-DepthSingaporeOct 16th - Oct 21st 2017
Intrusion Detection In-DepthBerlinOct 23rd - Oct 28th 2017
IPv6 EssentialsWashingtonDec 12th - Dec 13th 2017
Defending Web Applications Security EssentialsWashingtonDec 14th - Dec 19th 2017