Application Security This Week for December 20

So, hey, yeah, how are all of you.  Clearly SolarWinds has completely overwhelmed the news this week, so I have a couple of notes about that. To those of you who are having to deal with this, I am with you in spirit. Doing what I can here from The Bunker to help you out.

Here was my first indication there was a problem, I believe.  It’s pretty old news now.

I spoke about Supply Chain problems at the Central Ohio .NET Developer’s group in March.  Oddly timed.

MicroSolved has a good writeup you should read.

This is Microsoft’s breakdown on DLL Injection.  For the record, I attended a BoF session on this at DefCon 15(!) and everyone I talked to blew it off.  Guess not.

Some other news, thank goodness.

Github is gonna ban passwords.

The NSA finally figured out that authentication systems are under attack.

And finally, a short article about memcpy.

That’s the news, folks, have a great holiday and end-of-year. May your systems be secure and your code be frozen.