‘Stalkerware’, DHCPv6 Packets, & Python – Application Security Weekly #38

In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!

News

Bugs, Breaches, and More!
1.) A Nasty DHCPv6 Packet can Pwn Vulnerable Linux Boxes
2.) 'Stalkerware' Website Let Anyone Intercept Texts of Tens of Thousands of People
3.) Trivial Bug in X.Org gives Root Permission on Linux and BSD Systems
If you Build It, They Will Come
1.) Why the NSA Called Me after Midnight and Requested my Source Code
2.) Twelve malicious Python libraries found and removed from PyPI
3.) The U.S. Department of Defense Guide for "Detecting Agile BS"
Learning & Tools
1.) NetAssert: Network Security Testing for DevSecOps workflows
2.) HASSH: A profiling method for SSH Clients and Servers
3.) ThreatPlaybook: Threat Modeling as Code
Food for Thought
1.) Twitter should Kill Retweet
2.) Amazon Future Engineer
3.) The God of Random shall decide

Follow us on Twitter: https://www.twitter.com/securityweekly