Handler on Duty: Didier Stevens
Threat Level: green
Podcast Detail
SQL Auth Weakness; Windows Defender Pretender; Dell Compellent Static Key; Sogou Keyboard Vuln;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://chrt.fm/track/2748D7/https://traffic.libsyn.com/securitypodcast/8612.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Interested in Internet Storm Center stickers? Check here if there are still some available for today.
Some things never change, such as SQL Authentication "Encryption"
https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
Discussion
New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Network Monitoring and Threat Detection In-Depth | Baltimore | Mar 3rd - Mar 8th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Apr 13th - Apr 18th 2025 |