Welcome to “Surviving the Week”!
Each week I will be collecting the top news, stories, articles, and blog posts related to application security. These may not always be the big headlines or directly focused on application security, but they will be the items that interested me the most, and hopefully will be of interest to my readers. Consider it a great replacement for Jeremiah’s defunct “Best of Application Security” series.
- Google SSL Cert Compromise: Info and fallout details here, here, here, here and here.
- Kernel.org Hacked – Geek community attacks itself, <sarcasm>Real nice</sarcasm>.
- This week on Celebrity Deathmatch: Battle of the CSOs – Oracle CSO Mary Ann Davidson vs Veracode CSO Chris Wysopal
- WAF != Firewall – Yes, that’s right. I’m self promoting, deal with it.
- Most security pros don’t think a breach will happen to them – Title says it all… oh, and the security pros are wrong.
- The Good, Bad, and Ugly of Technology Acquisitions – Amrit Williams explains his thoughts and experiences from his time during the IBM acquisition of BigFix.
- Sometimes Input MUST be validated Client-Side: o_O – After watching Matt Johansen’s Hacking Google Chrome talk at B-Sides LA, I think this is a very serious issue to be watching in the months/years ahead.
- DDoS attack using Google Plus Servers – Nothing earth-shattering here, but props on the clever attack.
- Kevin Mitnick on Colbert Report – I know this is 2 weeks old, but very cool to have a “hacker” as a guest on Colbert.