4 Days left to get a GIAC Certification Attempt Included with Online Training - Register Today!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

GHOST 2.0: What do you need to know about the glibc getaddrinfo vulnerability

  • Friday, February 19th, 2016 at 3:00 PM EDT (20:00:00 UTC)
  • Johannes Ullrich and Chris Eng
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • Veracode

You can now attend the webcast using your mobile device!

Overview

On Tuesday, the Google security team published a blog post with details about a new vulnerability in glibc. The vulnerability affects getaddrinfo, a modern replacement for gethostbyname which was the root cause of last years GHOST vulnerability. In this webcast, you will learn how to identify vulnerable systems and what options you have available to mitigate the vulnerability in addition to patching. We will also cover some of the intricacies of DNS that contribute to the vulnerability and will help you better understand what went wrong in this case.

Speaker Bios

Johannes Ullrich, PhD

As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.


Chris Eng

Chris Eng has over 15 years of application security experience. As Vice President of Research at Veracode, he leads the team responsible for integrating security expertise into Veracode's technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world's largest companies.

Chris is a frequent speaker at premier industry conferences, such as BlackHat, RSA, OWASP, and CanSecWest, where he has presented on a diverse range of application security topics, including cryptographic attacks, agile security, mobile application security, and security metrics. Chris has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets regarding security trends and noteworthy events. Additionally, he has served on the advisory board of the SOURCE Boston conference since its inception.

Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California. Chris is an unabashed supporter of the Oxford comma and hates when you use the word "ask" as a noun.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.