Live from the PaulDotCom Security Weekly Studio....
This episode was also broadcast over our Icecast server. Details will be announced in our IRC chatroom #pauldotcom on Freenode (irc.freenode.net) and on the PaulDotCom blog.
- Sponsored by Core Security; listen for the discount code at the end of the show.
- Sponsored by Syngress; be the first to post the answer to the question at the end of the show and win a free book!
- You should register for SANS Las Vegas 2006; we will be there doing a live show!
- Please go update our frapper map!
Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com
No video this week; we are working on the next episode and hoping for an August release.


There are several of them, but probably you are referring to Jeremiah Grossman from WhiteHat Security, who will present his findings at Blackhat.
SPI Dynamics
blackhat
SPI states that we are not dealing with a bug or vulnerability. I don't think this assessment is correct, as you are able to pull an image via JavaScript from a different server than the one hosting the page. I have written a little test page that demonstrates this as well: http://cseifert.mine.nu/jsImageExploitWorking.html
Christian
[PaulDotCom - Congrats Christian, you are the winner!]
Since no one else has posted yet, I am going to give the contest a shot. I won one last month, so if I am not eligible to win again for a while longer, then that's how it goes.
I could be way off on this, but here goes...
I have come up with this: Jeremiah Grossman and T.C. Niedzialkowski from WhiteHat Security will be presenting about cross-side scripting and avoiding it at the Blackhat conf. The title of their talk is scheduled to be Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous"
I found this info here: http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Grossman
Keep up the great work guys.
Keep up the great work on your blog. Best wishes WaltDe