(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Fidelis Cybersecurity

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Its that time of year again where the technical press starts running security prediction stories for the upcoming year. I know Ive done a few interviews on it already and sure other handlers have as well. As things wind down for the year, what are your thoughts for what we can expect next year? Have we hit peak ransomware? Is election hacking a phase, or will it spread to the upcoming European elections? To what end? What will be the next big DDoS target that Mirai takes on?

Comment below and let us know what youre thinking will be the next big thing.

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Fidelis Cybersecurity

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM BigFix Remote CVE-2016-2935 Denial of Service Vulnerability
 
Samba CVE-2016-2125 User Impersonation Vulnerability
 
IBM BigFix Remote Control CVE-2016-2934 Cross Site Scripting Vulnerability
 
foreman-debug CVE-2016-9593 Local Information Disclosure Vulnerability
 
IBM BigFix Remote Control CVE-2016-2933 Directory Traversal Vulnerability
 
OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
 
IBM Tealeaf Customer Experience CVE-2015-4961 Information Disclosure Vulnerability
 
OpenSSH CVE-2016-10012 Security Bypass Vulnerability
 
OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
 
Cybozu Garoon CVE-2016-7803 SQL Injection Vulnerability
 
Cybozu Garoon CVE-2016-4909 Unspecified Cross Site Request Forgery Vulnerability
 
Microsoft Windows Installer CVE-2016-7292 DLL Loading Local Privilege Escalation Vulnerability
 
Microsoft Windows CVE-2016-7295 Local Information Disclosure Vulnerability
 
Microsoft Windows Crypto Driver CVE-2016-7219 Local Information Disclosure Vulnerability
 
Microsoft .NET Framework CVE-2016-7270 Information Disclosure Vulnerability
 

(credit: Aurich Lawson / Thinkstock)

Neal H. Walfield is a hacker at g10code working on GnuPG. This op-ed was written for Ars Technica by Walfield, in response to Filippo Valsorda's "I'm giving up on PGP" story that was published on Ars last week.

Every once in a while, a prominent member of the security community publishes an article about how horrible OpenPGP is. Matthew Green wrote one in 2014 and Moxie Marlinspike wrote one in 2015. The most recent was written by Filippo Valsorda, here on the pages of Ars Technica, which Matthew Green says "sums up the main reason I think PGP is so bad and dangerous."

In this article I want to respond to the points that Filippo raises. In short, Filippo is right about some of the details, but wrong about the big picture. For the record, I work on GnuPG, the most popular OpenPGP implementation.

Read 21 remaining paragraphs | Comments

 
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free
 
Internet Storm Center Infocon Status