[Infosec MS] Nächster Termin: 26.10.2017

Sebastian Schinzel schinzel at fh-muenster.de
Di Sep 26 23:39:23 CEST 2017 

Liebe Liste,

der nächste Infosec-Stammtisch wird am Donnerstag, den 28. Oktober 2017
wieder ab 18:00 stattfinden. Location ist das Kruse Baimken, wieder im
großen Raum im Obergeschoss.

Diemal wird Marc Schönefeld eine Preview für einen Vortrag geben, den er
später auf einer Konferenz halten wird.
--------------------------
Titel: Grandma's old bag, how outdated libraries spoil Android app security
Abstract:
The diverse Android app stores are full of applications, written in
multiple languages and frameworks. When it comes to optimize for
performance and cutting-edge features the ultimate choice is using
specialized components written in C/C++. But with increased power comes
increased responsibility, as native components have the tendency to rot
over time and turn an installed application into a security nightmare.
OWASP has placed this scenario on their Top 10 list as "Using components
with known vulnerabilities".

In our research we switched from policy to practice, and examined a
sample of prominent apps with large downloads counts. Unfortunately even
in 2017 major vendors ship their colorful applications with well-known
security problems, some even having weekly updates on the functionality
side, but leaving the ugly backyard of outdated native libraries (even
with CVSS-10 vulnerabilities) untouched. The presentation will cover
this and other Android deployment antipatterns that leave the user in
danger of exploitation, enriched with recommendations and real-life
examples.
--------------------------

Viele Grüße,
Sebastian

-- 
Prof. Dr. Sebastian Schinzel

FH Münster
IT-Sicherheit
Stegerwaldstrasse 39
48565 Steinfurt

Tel.: +49 2551 962 188

Email: schinzel at fh-muenster.de
Web:   https://fh-muenster.de/it-sicherheit

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : smime.p7s
Dateityp    : application/pkcs7-signature
Dateigröße  : 5501 bytes
Beschreibung: S/MIME Cryptographic Signature
URL         : </pipermail/infosec/attachments/20170926/182c9747/attachment.bin>

Mehr Informationen über die Mailingliste InfoSec