Application Security This Week for May 12

If you have been in my classes, you know that I often point to weev as my example for why not to hack live sites.  Well, now I have a new example.

https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html

DHS is putting a 15 day deadline on all critical patches.  Maybe that Windows NT4SP2 box will get a little sumpn sumpn, huh?

https://thehackernews.com/2019/05/dhs-patch-vulnerabilities.html

The Google CTF is coming up in a month or so.  Start doing those ZAP pushups.

https://security.googleblog.com/2019/05/google-ctf-2019-is-here.html

El Reg has a great article on the latest (of many) SQLite RCE flaws.

https://www.theregister.co.uk/2019/05/10/sqlite_rce_vuln/

Y’all know that cryptography is not my best subject, but this is important. SHA1 is now provably just as broken as MD5, so start scrubbing it from codebases, except in cases like HMAC.

https://eprint.iacr.org/2019/459

That’s the news!