#LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS

ISC StormCast for Thursday, March 2nd 2017

A daily summary of network and system security news from the SANS Internet Storm Center
Author:Johannes B. Ullrich, Ph.D.
See below for a schedule of classes I teach.
Created: Thursday, March 2nd 2017
Length: 6:00 minutes
Today's Headline: #LDAP and #STARTTLS; NextGen Gallery #SQLi; Breaking CAPTCHAS

If you like this podcast, then please consider telling others about it. Use this button to Tweet about this episode: click here. Errors? Corrections? Complaints? Player Problems? Please let us know here: https://isc.sans.edu/contact.html

Plain HTML5 Player
Fancy Player (with skip back/forward)

Show Notes

LDAP and STARTTLS
https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/

Wordpress NextGen Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html

Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/

Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/

Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/

Top of page

iTunes

MP3 Download

RSS Feed

Google Play

Stitcher

Podbean

Amazon Echo

YouTube

Spreaker

iOS App

Keywords: Security Network Technology Windows Linux Apple iOS Android Firewall

Prior Podcast: ISC StormCast for Wednesday, March 1st 2017

Next Podcast: ISC StormCast for Friday, March 3rd 2017

Top of page

Discussion

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form

Top of page

Interested in attending one of my classes? See below for my current schedule.

Intrusion Detection In-Depth	Columbia	Jun 26th - Jul 1st 2017
IPv6 Essentials	Washington	Jul 22nd - Jul 23rd 2017
Intrusion Detection In-Depth	Virginia Beach	Aug 21st - Aug 26th 2017
Defending Web Applications Security Essentials	Las Vegas	Sep 10th - Sep 15th 2017
IPv6 Essentials	Las Vegas	Sep 16th - Sep 17th 2017
Intrusion Detection In-Depth	Baltimore	Sep 25th - Sep 30th 2017
Intrusion Detection In-Depth	Singapore	Oct 16th - Oct 21st 2017
Intrusion Detection In-Depth	Berlin	Oct 23rd - Oct 28th 2017
IPv6 Essentials	Washington	Dec 12th - Dec 13th 2017
Defending Web Applications Security Essentials	Washington	Dec 14th - Dec 19th 2017