GHOST 2.0: What do you need to know about the glibc getaddrinfo vulnerability
- Friday, February 19th, 2016 at 3:00 PM EDT (20:00:00 UTC)
- Johannes Ullrich and Chris Eng
You can now attend the webcast using your mobile device!
On Tuesday, the Google security team published a blog post with details about a new vulnerability in glibc. The vulnerability affects getaddrinfo, a modern replacement for gethostbyname which was the root cause of last years GHOST vulnerability. In this webcast, you will learn how to identify vulnerable systems and what options you have available to mitigate the vulnerability in addition to patching. We will also cover some of the intricacies of DNS that contribute to the vulnerability and will help you better understand what went wrong in this case.
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.
Chris Eng has over 15 years of application security experience. As Vice President of Research at Veracode, he leads the team responsible for integrating security expertise into Veracode's technology. Throughout his career, he has led projects breaking, building, and defending web applications and commercial software for some of the world's largest companies.
Chris is a frequent speaker at premier industry conferences, such as BlackHat, RSA, OWASP, and CanSecWest, where he has presented on a diverse range of application security topics, including cryptographic attacks, agile security, mobile application security, and security metrics. Chris has been interviewed by Bloomberg, Fox Business, CBS, and other media outlets regarding security trends and noteworthy events. Additionally, he has served on the advisory board of the SOURCE Boston conference since its inception.
Chris holds a B.S. in Electrical Engineering and Computer Science from the University of California. Chris is an unabashed supporter of the Oxford comma and hates when you use the word "ask" as a noun.