Microsoft shortcut fix and Black Hat 2010 roundup

Filed Under: Data loss, Microsoft, Podcast, Privacy, Vulnerability, Windows


Microsoft announced Friday that they will be releasing an out-of-band patch for what has been known as the Windows shortcut vulnerability. The fix will be released on Monday, August 2nd at approximately 10 AM Pacific Daylight Time (1700 UTC). If you are anxious to start testing, keep an eye on the MSRC blog for more information.

This week's Sophos Security Chet Chat is primarily about the Windows shortcut vulnerability. Michael Argast and I also debated whether OS X is in fact the most vulnerable operating system, and discussed the Safari vulnerability in auto-complete.

My favorite Black Hat presentation was likely the one on modern online privacy by Moxie Marlinspike. His session was entitled "Changing Threats to Privacy: From TIA to Google" and detailed the numerous ways the concept of Total Information Awareness has been abandoned for easier ways to spy on us.

Moxie talked about a tool he has released to allow people to use Google services without sacrificing their privacy to the big G. It is called GoogleSharing and is available from http://www.googlesharing.net. He also released another tool to assist Android users with securing their SMS messages and VOIP phone calls from being snooped. You can find out more at http://www.whispersys.com.

I also went to see Dan Kaminsky's talk on web threats... except it wasn't on web threats. Dan's obsession has been with DNS since his announcement of the DNS flaw two years ago at Black Hat. This year was no different and he delivered a last-minute talk on DNSSEC and how the root of the DNS being signed a few weeks ago is going to change the world. Dan's world sees the DNS root and chain of trust being the foundation of federated identity on the internet. I like the picture he painted, but I am skeptical that it will be as easy as he led us all to believe.

I will continue to go through all my notes and post some of the remainder of the best of Black Hat and Defcon in the next few days.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.