[Owasp-cincinnati] Selected Info and App Sec News For Last Week 8/15-21/2010

Marco M. Morana marco.m.morana at gmail.com
Tue Aug 24 08:23:56 EDT 2010


Selected InfoSec and AppSec News For Last Week

 

Every year OWASP has (1) BIG EVENT in the United States - September 7th -
10th 2010 (in 2 weeks!!) is that event this year.

 

OWASP APPSEC USA 2010 - http://www.appsecusa.org

 

---- 

Tavis Ormandy has discovered a vulnerability in Microsoft Windows, which can
be exploited by malicious, local users to cause a Denial of Service (DoS).

 

http://secunia.com/advisories/41029/

 

 

--

 

Several vulnerabilities have been reported in Palm Pre WebOS, where some
have an unknown impact and others can be exploited to compromise a
vulnerable device.

 

--

 

HP acquires Software security Company Fortify

 

http://www.computerworld.com/s/article/9180872/HP_s_Fortify_buy_puts_spotlight_on_obscure_but_important_niche

 

Hewlett-Packard's move this week to buy Fortify software focuses attention
on the increasingly important, but still mostly underutilized category of
application security products, security experts say.

 

--

 

Intel Acquires McAfee

 

http://arstechnica.com/business/news/2010/08/why-intel-bought-mcafee.ars

 

 

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1518841,00.html?track=NL-102&ad=781045&asrc=EM_NLN_12286503&uid=8026617

There's been quite a bit of head-scratching over Intel's decision to
purchase McAfee, but, despite all the breathless talk about mobile security
and ARM and virus-fighting processors, the chipmaker's motivations for the
purchase are actually fairly straightforward.

 

 

--

 

Hackers: 'ColdFusion bug more serious than Adobe says' 

 

http://www.theregister.co.uk/2010/08/16/adobe_coldfusion_vuln/

 

 

A recently patched vulnerability in Adobe's ColdFusion application server
may be more serious than previously thought..

 

---

 

Adobe's CISO: Adobe: Automatic updates and creating 'perfect' software

 

http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1518315,00.html?track=NL-102&ad=781037USCA&asrc=EM_NLN_12274686&uid=8026617

From: Marco M. Morana [mailto:marco.m.morana at gmail.com] 
Sent: Thursday, August 12, 2010 8:35 AM
To: 'owasp-cincinnati at lists.owasp.org'
Subject: Selected Info and App Sec News For the Last Weeks

 

List

 

I will start using this mailing list for weekly updates on IS and AppSec
news, let me know if it is something useful.

 

Thanks

 

McAfee Says Security Industry Failing On Cybercrime

http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=226600352

 

Record Patch Tuesday: Where to Begin

http://www.pcworld.com/businesscenter/article/203005/record_patch_tuesday_where_to_begin.html


Charlie Miller has discovered a vulnerability in Adobe Reader / Acrobat,
which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/40766

 

Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress,
which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/40775

 

SMS-Based Trojan Targeting Android Smartphones
http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=226600359

 

Android wallpaper app that steals your data was downloaded by millions

http://mobile.venturebeat.com/2010/07/28/android-wallpaper-app-that-steals-your-data-was-downloaded-by-millions/

 

Black Hat: Mobile Flaws Get Attention

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=226100127

 

How to Steal Corporate Secrets in 20 Minutes: Ask

http://www.csoonline.com/article/601615/how-to-steal-corporate-secrets-in-20-minutes-ask

 

One Breach = $1 Million To $53 Million In Damages Per Year, Report Says

http://www.darkreading.com/database_security/security/attacks/showArticle.jhtml?articleID=226200272

 

Dell ships motherboard with malicious code

http://www.zdnet.com/blog/security/dell-ships-motherboard-with-malicious-code/6901

 

Marco Mirko Morana

OWASP Cincinnati USA Chapter Lead

Writing Secure Software Blogger

Application Threat Modeling Book Author

 
