Podcasts about jscript

An international law enforcement operation dismantles AVCheck. Trump's 2026 budget looks to cut over one thousand positions from CISA. Cyber Command's defensive wing gains sub-unified command status. A critical vBulletin vulnerability is actively exploited. Acreed takes over Russian markets as credential theft kingpin. Qualcomm patches three actively exploited zero-days in its Adreno GPU drivers. Researchers unveil details of a Cisco IOS XE Zero-Day. Microsoft warns a memory corruption flaw in the legacy JScript engine is under active exploitation. A closer look at the stealthy Lactrodectus loader. On today's Afternoon Cyber Tea, Ann Johnson speaks with Hugh Thompson, RSAC program committee chair. Decoding AI hallucinations with physics. Complete our annual audience survey before August 31. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have our Afternoon Cyber Tea segment with Ann Johnson. On today's episode, Ann speaks with Hugh Thompson, RSAC program committee chair, as they discuss what goes into building the RSA Conference. Selected Reading Police takes down AVCheck site used by cybercriminals to scan malware (Bleeping Computer) DHS budget request would cut CISA staff by 1,000 positions (Federal News Network) Cybercom's defensive arm elevated to sub-unified command (DefenseScoop) vBulletin Vulnerability Exploited in the Wild (SecurityWeek) Acreed Emerges as Dominant Infostealer Threat Following Lumma Takedown (Infosecurity Magazine) Qualcomm fixes three Adreno GPU zero-days exploited in attacks (Bleeping Computer) Exploit details for max severity Cisco IOS XE flaw now public (Bleeping Computer) Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published (Beyond Machines) Latrodectus Malware Analysis: A Deep Dive into the Black Widow of Cyber Threats in 2025 (WardenShield) The Root of AI Hallucinations: Physics Theory Digs Into the 'Attention' Flaw  (SecurityWeek) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Eric Lippert is a designer of fine programming languages; at Microsoft he worked on Visual Basic, VBScript, JScript and C#. At Facebook he worked on Hack (a gradually-typed PHP) and Bean Machine (a probabilistic extension of Python for data scientists). He is at present enjoying taking a break from corporate life. You can find Eric on the following sites: Twitter Mastodon Blog PLEASE SUBSCRIBE TO THE PODCAST Spotify Apple Podcasts YouTube Music Amazon Music RSS Feed You can check out more episodes of Coffee and Open Source on https://www.coffeeandopensource.com Coffee and Open Source is hosted by Isaac Levin --- Support this podcast: https://podcasters.spotify.com/pod/show/coffeandopensource/support

In this episode, we discuss the discovery of a type confusion in Internet Explorer's JScript. We also explore a fun exploit strategy for a low-level memory management bug in the Linux kernel and delve into several issues in Huawei's Secure Monitor that enable code execution in the secure world. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/176.html [00:00:00] Introduction [00:00:30] Spot the Vuln - Update All The Things [00:06:02] Type confusion in Internet Explorer's JScript9 engine [CVE-2022-41128] [00:14:48] Exploiting CVE-2022-42703 - Bringing back the stack attack [00:29:01] Huawei Secure Monitor Vulnerabilities The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Had some varied issues this week, a file format allowing JScript for a $20,000 bounty, Akamai Cache Poisoning, Universal XSS in Chrome. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/155.html [00:00:00] Introduction [00:00:26] Two Lines of JScript for $20,000 [00:05:31] Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) [00:14:10] [Chrome] Universal XSS in Autofill Assistant [00:22:51] Aurora Improper Input Sanitization Bugfix Review [00:31:21] What I learnt from reading 126* Information Disclosure Writeups.

Un ataque de nostalgia repentino nos lleva a repasar cuáles fueron nuestros primeros ordenadores Un ataque de nostalgia repentino nos lleva a repasar cuáles fueron nuestros primeros ordenadores y cómo la industria de la computación mutaba rápidamente en busca de las ideas ganadoras. @josejacas – PC Render https://twitter.com/josejacas/status/1393977798411292672 Emula un mac original con MacWrite y MacPaint originales de 1984 http://blog.archive.org/2017/04/16/early-macintosh-emulation-comes-to-the-archive/ El TRS-80, una leyenda de la informática https://parceladigital.com/2017/02/09/el-trs-80-una-leyenda-de-la-informatica Mi primer libro sobre ordenadores, de Luca Novelli https://retroordenadoresorty.blogspot.com/2020/07/mi-primer-libro-sobre-ordenadores-luca.html Eduo recuerda su primer libro sobre ordenadores https://twitter.com/eduo/status/782934202572472320 Mi primer post, mi primer libro de BASIC https://jcsastre.com/2012/07/03/mi-primer-post-mi-primer-libro-de-basic/ 1981 en la línea de tiempo de la computación personal https://www.computerhistory.org/timeline/1981/ BBC demuestra el uso de un modem para conectarse y bajar lentamente texto plano en 1984 https://twitter.com/JonErlichman/status/1394004961571352580 La boda de Sean Parker https://www.vanityfair.com/news/2013/09/photos-sean-parker-wedding Livescript, JScript, Javascript. Los nombres de Javascript https://medium.com/madhash/the-many-names-of-javascript-livescript-jscript-ecmascript-es6-and-not-still-java-568b584a91b5 El satisfactorio boton de Degauss en CRT https://www.youtube.com/watch?v=PjO2vVaxIWM El éxito del powerbook 100 de Apple https://www.cultofmac.com/450320/today-apple-history-powerbook-100-series-smash-hit/ El loco ratón en brazo del HP Omnibook https://www.youtube.com/watch?v=mKfJq62tnHA IBM Y su teclado desplegable mariposa https://www.youtube.com/watch?v=p_8MQPdgC-o Síguenos en Twitter @haciafalta http://twitter.com/haciafalta

On this week’s show Patrick and Adam discuss the week’s security news, including: US DoJ unseals indictments against Sandworm operators Twitter backtracks on “hacked materials” policy No consensus on Trickbot c2 status NSA publishes “most exploited” listicle that’s actually interesting Much, much more Cmd Security is this week’s sponsor. Its CEO Jake King and CTO Mike Sample join the show this week to talk though a new remote access tech release from Hashicorp called Boundary and what it might mean for Linux system observability in your environment. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes US Indicts Sandworm, Russia's Most Destructive Cyberwar Unit | WIRED UK says Russia was preparing cyber-attacks against the Tokyo Olympics | ZDNet Sandworm operators indicted - Risky Business Microsoft says it took down 94% of TrickBot's command and control servers | ZDNet NSA publishes list of top vulnerabilities currently targeted by Chinese hackers | ZDNet 800,000 SonicWall VPNs vulnerable to new remote code execution bug | ZDNet VMSA-2020-0023 New York Post Published Hunter Biden Report Amid Newsroom Doubts - The New York Times Twitter Says It Blocked NY Post Hunter Biden Article Because It Contains Hacked Data The Media Just Passed a Test It Failed Four Years Ago | WIRED Brevard voters threatened in emails purportedly from 'Proud Boys' Google offers details on Chinese hacking group that targeted Biden campaign Industry alert pins state, local government hacking on suspected Russian group New York regulator faults Twitter for lax security measures prior to big account breach German authorities raid FinFisher offices | ZDNet Shannon Vavra on Twitter: "Details via @hsu_spencer & @kfahim https://t.co/QTRooHnw0I" / Twitter Encrochat Hack That Brought Down Hundreds of Criminals Faces Legal Challenges Hackney Council unable to pay housing benefit after cyber attack | Science & Tech News | Sky News London's Hackney Borough Council hit by hack attack - BBC News Hackney Council services to be disrupted ‘for some time’ Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion QAnon/8Chan Sites Briefly Knocked Offline — Krebs on Security Alexander Vinnik heads to trial in France on ransomware, money laundering charges Alleged KickassTorrents founder Artem Vaulin jumped bail in Poland Thousands of infected IoT devices used in for-profit anonymity service | Ars Technica Microsoft adds option to disable JScript in Internet Explorer | ZDNet Zoom to roll out end-to-end encrypted (E2EE) calls | ZDNet QRadar: Popular IBM security tool open to remote code execution attacks | The Daily Swig Google releases Chrome security update to patch actively exploited zero-day | ZDNet Security testing firm NSS Labs ceases operations, citing coronavirus | TechCrunch Ryuk in 5 Hours – The DFIR Report

Microsoft Issues Out of Band Patches- October 19th, 2020  Join us for an inside view of today's Cyber News and why it matters. November 19th is our next TRIVIA NIGHT. Join us at 7:00 PM Eastern Time for free fun and a chance to win prizes! Congratulations to Mike Bravo for another win! ————————— News ————————————- Microsoft adds option to disable JScript in Internet Explorer https://www.zdnet.com/article/microsoft-adds-option-to-disable-jscript-in-internet-explorer/#ftag=RSSbaffb68 (https://www.zdnet.com/article/microsoft-adds-option-to-disable-jscript-in-internet-explorer/#ftag=RSSbaffb68) FIN11 gang started deploying ransomware to monetize its operations https://securityaffairs.co/wordpress/109681/cyber-crime/fin11-clop-ransomware.html (https://securityaffairs.co/wordpress/109681/cyber-crime/fin11-clop-ransomware.html) Microsoft released out-of-band Windows fixes for 2 RCE issues https://securityaffairs.co/wordpress/109665/security/microsoft-windows-rce.html —————————-Todays Offbeat Holiday————- Today is: Evaluate Your Life Day https://chrisguillebeau.com/7-alternative-ways-to-evaluate-your-life-every-day/ _____________________Products shown today_____________ RMF& CAP Course https://www.cyber-recon.com/courses/rmf-cap/ (https://www.cyber-recon.com/courses/rmf-cap/) SWAG is at: https://www.youtube.com/redirect?q=https%3A%2F%2Fwww.cyber-recon.com%2Fswag%2F&event=video_description&v=DSUm5h_E4JI&redir_token=QUFFLUhqbTVieFBZSEgyQVg2Z2tnUDBrNWxpaEtxV0VvQXxBQ3Jtc0trc3lfQmRFSU9NMHpZOE1ONDZEMHM5Y1BSZnNXMGU0ZEVSclhzR1FWa2ZadjJ2X2dleWtNU0VMMWNoYlFKS2ZIeWZRS3BFRGx3M2c5enVTOU5JQW9vbVhObVhqcm1PTHVVSFVlajNFam1BdzVxT0Y1MA%3D%3D (https://www.cyber-recon.com/swag/) Support this podcast

GUEST BIO: Eric Lippert is a programmer who builds tools for other programmers.  He’s worked on Visual Basic, JavaScript and C# at Microsoft, designed code analyzers at Coverity, and is now working on a variety of programming language design problems at Facebook. EPISODE DESCRIPTION: Phil’s guest on today’s show is Eric Lippert. His career has been a long and varied one. He was a Principal Developer at Microsoft and a member of the C# language design team. Eric was also involved in the design and implementation of VBScript, JScript, Windows Script Host and Visual Studio Tools for Office. Over the years, Eric has published and edited numerous programming books and is now working at Facebook. KEY TAKEAWAYS: (01.00)­­­ – Phil asks Eric to expand on his brief introduction. Eric said that he studied computer science and maths at the University of Waterloo. There they run a co-operative education system where you study for 4 months and work for 4. He was an intern at Wacom and Microsoft. When he left Microsoft he went to work at Coverity. He is now working on developer tools at Facebook. (3.39) – Phil asks Eric for a unique IT career tip. When Eric was a young developer at Microsoft his manager told him to “find a source of questions and learn to answer them”. He put that advice to work straight away and read every question in the JavaScript group. If someone asked a question that related to his area that he did not know the answer to, he would go away and find out. That taught him to answer queries concisely, which in turn honed his own knowledge. (5.54) – Can you tell us about your worst IT career moment and what you learned from the experience? Eric says it was probably the morning he woke up to the headline “Worst Security Flaw Ever Found in Internet Explorer”. Eric had worked on the piece of code that was involved in the issue. At first, he thought that he may have made the error. It turned out that his code had been changed and that change had not been properly reviewed, so the potential weakness was not found. The security flaw was nowhere near as serious as reported by the press. It would have required a virtually impossible hack to be executed in order to take advantage of the flaw. After that, a much stronger culture of code reviews was put into place. (9.17) – Phil says to Eric - Can you maybe take us through your career highlights or greatest success? Eric says there were two. The first was his work on a new version of VisualStudio. They met the completion target date and every single planned feature was included in the release. His other highlight was being involved in the “from scratch” C sharp rewrite. That massive project was also successfully completed and shipped. C sharp now has over 5 million lines of code, it is truly huge. (14.42) – Looking to the future Phil wants to know what excites Eric about the IT industry. Eric says it is the fact that we have still only really scratched the surface. There are so many features that can still be added to the various languages. For example, we can take features from programming languages and add them to production languages which would immediately raise the bar. We want to be able to write programs that can reason naturally about all kinds of probabilistic things and we are getting there. There is still a ton of stuff to do in the programming languages and tools space. (17.43) – What first attracted you to a career in IT? Eric started programming before he owned a computer. He would write them out on paper and type them into the school’s Commodore PET. He had intended to study either mathematics or physics. But, he soon realized that he was not good at physics. He was much better at computer programming and enjoyed it, plus he could work while studying IT. (19.22) – What is the best career advice you have been given? Eric reiterated the advice to find a source of questions and answer them. But, he added that it was important to learn how to write well. Learn how to be concise and convince people that you’ve written correct code. To do that you need to write convincingly. (20.29) if you were to begin your IT career again, right now, what would you do? Eric says he would study statistics. Much of the machine learning and probabilistic programming is about understanding statistics. With differential programming there is even calculus involved, something Eric never expected to see. (21.27) – What objectives are you focusing on now Eric? He responded by saying, "Building cutting-edge tools and helping real developers to get real stuff done". The same focus he had at the start of his career. (21.30) – What would you consider to be your most important non-technical skill? Being able to communicate effectively, it is crucial. (22.57) - Eric, can you share a parting piece of career advice with the IT Career Energizer audience. Know your tools. I get pitched features for tools and programming languages that already exist. It shows that a lot of people do not know their tools well. It also indicates that the tools are not as discoverable as they should be. Users need to dig in and understand them better and tool providers need to make their tools more discoverable. BEST MOMENTS:  (2.18) ERIC – “I have a keyboard on my desk that is older than my intern.” (4.09) ERIC – “Find a source of questions and learn to answer them”  (9.27) ERIC – “I want to ship actual code that solves actual developer’s problems” (14.34) ERIC – “It’s immensely satisfying to build something really, really big that actually works.” (17.25) ERIC – “Every time you build a tool, you magnify your impact across the entire industry.” (20.54) ERIC - “So much of machine learning and probabilistic programming is about understanding statistical concepts.” CONTACT ERIC LIPPET: Twitter: https://twitter.com/ericlippert @ericlippert LinkedIn: https://www.linkedin.com/in/eric-lippert-a3893485/ Website: https://ericlippert.com

Panel Brendan Eich Joe Eames Aaron Frost AJ ONeal Jamison Dance Tim Caswell Charles Max Wood Discussion 01:57 – Brendan Eich Introduction JavaScript [Wiki] Brendan Eich [Wiki] 02:14 – Origin of JavaScript Java Netscape Jim Clark Marc Andreesen NCSA Mosaic NCSA HTTPd Lynx (Web Browser) Lou Montulli Silicon Graphics Kernel Tom Paquin Kipp Hickman MicroUnity Sun Microsystems Andreas Bechtolsheim Bill Joy Sun-1 Scheme Programming Language Structure and Interpretation of Computer Programs – 2nd Edition (MIT Electrical Engineering and Computer Science) by Harold Abelson, Gerald Jay Sussman & Julie Sussman Guy Steele Gerald Sussman SPDY Rob McCool Mike McCool Apache Mocha Peninsula Creamery, Palo Alto, CA Main () and Other Methods (C# vs Java) Static in Java, Static Variables, Static Methods, Static Classes 10:38 – Other Languages for Programmers Visual Basic Chrome Blacklist Firefox 12:38 – Naming JavaScript and Writing VMs Canvas Andrew Myers 16:14 – Envisioning JavaScript’s Platform Web 2.0 AJAX Hidaho Design Opera Mozilla Logo Smalltalk Self HyperTalk Bill Atkinson HyperCard Star Wars Trench Run 2.0 David Ungar Craig Chambers Lars Bak Strongtalk TypeScript HotSpot V8 Dart Jamie Zawinski 24:42 – Working with ECMA Bill Gates Blackbird Spyglass Carl Cargill Jan van den Beld Philips Mike Cowlishaw Borland David M. Gay ECMAScript Lisp Richard Gabriel 31:26 – Naming Mozilla Jamie Zawinski Godzilla 31:57 – Time-Outs 32:53 – Functions Clojure John Rose Oracle Scala Async.io 38:37 – XHR and Microsoft Flash Hadoop Ricardo Jenez Ken Smith Brent Noorda Ray Noorda .NET Shon Katzenberger Anders Hejlsberg NCSA File Formats 45:54 – SpiderMonkey Chris Houck Brendan Eich and Douglas Crockford – TXJS 2010 Douglas Crockford JavaScript: The Good Parts by Douglas Crockford TXJS.com ActionScript Flex Adobe E4X BEA Systems John Schneider Rhino JScript roku Waldemar Horwat Harvard Putnam Math Competition Chris Wilson Silverlight Allen Wirfs-Brock NDC Oslo 2014 JSConf Brendan JSConf Talks 59:58 – JavaScript and Mozilla GIP SSLeay Eric A. Young Tim Hudson Digital Styles Raptor Gecko ICQ and AIM PowerPlant CodeWarrior Camino David Hyatt Lotus Mitch Kapor Ted Leonsis Mitchell Baker David Baren Phoenix Tinderbox Harmony 1:14:37 – Surprises with Evolution of JavaScript Ryan Dahl node.js Haskell Elm Swift Unity Games Angular Ember.js Dojo jQuery react ClojureScript JavaScript Jabber Episode #107: ClojureScript & Om with David Nolen MVC 01:19:43 – Angular’s HTML Customization Sweet.js JavaScript Jabber Episode #039: Sweet.js with Tim Disney TC39 Rick Waldron 01:22:27 – Applications with JavaScript SPA’s Shumway Project IronRuby 01:25:45 – Future of Web and Frameworks LLVM Chris Lattner Blog Epic Games Emscripten Autodesk PortableApps WebGL 01:29:39 – ASM.js Dart.js John McCutchen Monster Madness Anders Hejlsberg, Steve Lucco, Luke Hoban: TypeScript 0.9 – Generics and More (Channel 9, 2013) Legacy 01:32:58 – Brendan’s Future with JavaScript Picks hapi.js (Aaron) JavaScript Disabled: Should I Care? (Aaron) Aaron’s Frontend Masters Course on ES6 (Aaron) Brendan’s “Cool Story Bro” (AJ) [YouTube] Queen – Don't Stop Me Now (AJ) Trending.fm (AJ) WE ARE DOOMED soundtrack EP by Robby Duguay (Jamison) Hohokum Soundtrack (Jamison) Nashville Outlaws: A Tribute to Mötley Crüe (Joe) Audible (Joe) Stripe (Chuck) Guardians of the Galaxy (Brendan)

Panel Brendan Eich Joe Eames Aaron Frost AJ ONeal Jamison Dance Tim Caswell Charles Max Wood Discussion 01:57 – Brendan Eich Introduction JavaScript [Wiki] Brendan Eich [Wiki] 02:14 – Origin of JavaScript Java Netscape Jim Clark Marc Andreesen NCSA Mosaic NCSA HTTPd Lynx (Web Browser) Lou Montulli Silicon Graphics Kernel Tom Paquin Kipp Hickman MicroUnity Sun Microsystems Andreas Bechtolsheim Bill Joy Sun-1 Scheme Programming Language Structure and Interpretation of Computer Programs – 2nd Edition (MIT Electrical Engineering and Computer Science) by Harold Abelson, Gerald Jay Sussman & Julie Sussman Guy Steele Gerald Sussman SPDY Rob McCool Mike McCool Apache Mocha Peninsula Creamery, Palo Alto, CA Main () and Other Methods (C# vs Java) Static in Java, Static Variables, Static Methods, Static Classes 10:38 – Other Languages for Programmers Visual Basic Chrome Blacklist Firefox 12:38 – Naming JavaScript and Writing VMs Canvas Andrew Myers 16:14 – Envisioning JavaScript’s Platform Web 2.0 AJAX Hidaho Design Opera Mozilla Logo Smalltalk Self HyperTalk Bill Atkinson HyperCard Star Wars Trench Run 2.0 David Ungar Craig Chambers Lars Bak Strongtalk TypeScript HotSpot V8 Dart Jamie Zawinski 24:42 – Working with ECMA Bill Gates Blackbird Spyglass Carl Cargill Jan van den Beld Philips Mike Cowlishaw Borland David M. Gay ECMAScript Lisp Richard Gabriel 31:26 – Naming Mozilla Jamie Zawinski Godzilla 31:57 – Time-Outs 32:53 – Functions Clojure John Rose Oracle Scala Async.io 38:37 – XHR and Microsoft Flash Hadoop Ricardo Jenez Ken Smith Brent Noorda Ray Noorda .NET Shon Katzenberger Anders Hejlsberg NCSA File Formats 45:54 – SpiderMonkey Chris Houck Brendan Eich and Douglas Crockford – TXJS 2010 Douglas Crockford JavaScript: The Good Parts by Douglas Crockford TXJS.com ActionScript Flex Adobe E4X BEA Systems John Schneider Rhino JScript roku Waldemar Horwat Harvard Putnam Math Competition Chris Wilson Silverlight Allen Wirfs-Brock NDC Oslo 2014 JSConf Brendan JSConf Talks 59:58 – JavaScript and Mozilla GIP SSLeay Eric A. Young Tim Hudson Digital Styles Raptor Gecko ICQ and AIM PowerPlant CodeWarrior Camino David Hyatt Lotus Mitch Kapor Ted Leonsis Mitchell Baker David Baren Phoenix Tinderbox Harmony 1:14:37 – Surprises with Evolution of JavaScript Ryan Dahl node.js Haskell Elm Swift Unity Games Angular Ember.js Dojo jQuery react ClojureScript JavaScript Jabber Episode #107: ClojureScript & Om with David Nolen MVC 01:19:43 – Angular’s HTML Customization Sweet.js JavaScript Jabber Episode #039: Sweet.js with Tim Disney TC39 Rick Waldron 01:22:27 – Applications with JavaScript SPA’s Shumway Project IronRuby 01:25:45 – Future of Web and Frameworks LLVM Chris Lattner Blog Epic Games Emscripten Autodesk PortableApps WebGL 01:29:39 – ASM.js Dart.js John McCutchen Monster Madness Anders Hejlsberg, Steve Lucco, Luke Hoban: TypeScript 0.9 – Generics and More (Channel 9, 2013) Legacy 01:32:58 – Brendan’s Future with JavaScript Picks hapi.js (Aaron) JavaScript Disabled: Should I Care? (Aaron) Aaron’s Frontend Masters Course on ES6 (Aaron) Brendan’s “Cool Story Bro” (AJ) [YouTube] Queen – Don't Stop Me Now (AJ) Trending.fm (AJ) WE ARE DOOMED soundtrack EP by Robby Duguay (Jamison) Hohokum Soundtrack (Jamison) Nashville Outlaws: A Tribute to Mötley Crüe (Joe) Audible (Joe) Stripe (Chuck) Guardians of the Galaxy (Brendan)

Panel Brendan Eich Joe Eames Aaron Frost AJ ONeal Jamison Dance Tim Caswell Charles Max Wood Discussion 01:57 – Brendan Eich Introduction JavaScript [Wiki] Brendan Eich [Wiki] 02:14 – Origin of JavaScript Java Netscape Jim Clark Marc Andreesen NCSA Mosaic NCSA HTTPd Lynx (Web Browser) Lou Montulli Silicon Graphics Kernel Tom Paquin Kipp Hickman MicroUnity Sun Microsystems Andreas Bechtolsheim Bill Joy Sun-1 Scheme Programming Language Structure and Interpretation of Computer Programs – 2nd Edition (MIT Electrical Engineering and Computer Science) by Harold Abelson, Gerald Jay Sussman & Julie Sussman Guy Steele Gerald Sussman SPDY Rob McCool Mike McCool Apache Mocha Peninsula Creamery, Palo Alto, CA Main () and Other Methods (C# vs Java) Static in Java, Static Variables, Static Methods, Static Classes 10:38 – Other Languages for Programmers Visual Basic Chrome Blacklist Firefox 12:38 – Naming JavaScript and Writing VMs Canvas Andrew Myers 16:14 – Envisioning JavaScript’s Platform Web 2.0 AJAX Hidaho Design Opera Mozilla Logo Smalltalk Self HyperTalk Bill Atkinson HyperCard Star Wars Trench Run 2.0 David Ungar Craig Chambers Lars Bak Strongtalk TypeScript HotSpot V8 Dart Jamie Zawinski 24:42 – Working with ECMA Bill Gates Blackbird Spyglass Carl Cargill Jan van den Beld Philips Mike Cowlishaw Borland David M. Gay ECMAScript Lisp Richard Gabriel 31:26 – Naming Mozilla Jamie Zawinski Godzilla 31:57 – Time-Outs 32:53 – Functions Clojure John Rose Oracle Scala Async.io 38:37 – XHR and Microsoft Flash Hadoop Ricardo Jenez Ken Smith Brent Noorda Ray Noorda .NET Shon Katzenberger Anders Hejlsberg NCSA File Formats 45:54 – SpiderMonkey Chris Houck Brendan Eich and Douglas Crockford – TXJS 2010 Douglas Crockford JavaScript: The Good Parts by Douglas Crockford TXJS.com ActionScript Flex Adobe E4X BEA Systems John Schneider Rhino JScript roku Waldemar Horwat Harvard Putnam Math Competition Chris Wilson Silverlight Allen Wirfs-Brock NDC Oslo 2014 JSConf Brendan JSConf Talks 59:58 – JavaScript and Mozilla GIP SSLeay Eric A. Young Tim Hudson Digital Styles Raptor Gecko ICQ and AIM PowerPlant CodeWarrior Camino David Hyatt Lotus Mitch Kapor Ted Leonsis Mitchell Baker David Baren Phoenix Tinderbox Harmony 1:14:37 – Surprises with Evolution of JavaScript Ryan Dahl node.js Haskell Elm Swift Unity Games Angular Ember.js Dojo jQuery react ClojureScript JavaScript Jabber Episode #107: ClojureScript & Om with David Nolen MVC 01:19:43 – Angular’s HTML Customization Sweet.js JavaScript Jabber Episode #039: Sweet.js with Tim Disney TC39 Rick Waldron 01:22:27 – Applications with JavaScript SPA’s Shumway Project IronRuby 01:25:45 – Future of Web and Frameworks LLVM Chris Lattner Blog Epic Games Emscripten Autodesk PortableApps WebGL 01:29:39 – ASM.js Dart.js John McCutchen Monster Madness Anders Hejlsberg, Steve Lucco, Luke Hoban: TypeScript 0.9 – Generics and More (Channel 9, 2013) Legacy 01:32:58 – Brendan’s Future with JavaScript Picks hapi.js (Aaron) JavaScript Disabled: Should I Care? (Aaron) Aaron’s Frontend Masters Course on ES6 (Aaron) Brendan’s “Cool Story Bro” (AJ) [YouTube] Queen – Don't Stop Me Now (AJ) Trending.fm (AJ) WE ARE DOOMED soundtrack EP by Robby Duguay (Jamison) Hohokum Soundtrack (Jamison) Nashville Outlaws: A Tribute to Mötley Crüe (Joe) Audible (Joe) Stripe (Chuck) Guardians of the Galaxy (Brendan)

Microsoft Windows es el sistema operativo más utilizado por los usuarios a nivel mundial. Es por ello que cuando surge una vulnerabilidad afecta a mucha gente. Los ciberdelincuentes, de hecho, ponen sus miras en aquello que tiene más usuarios, ya que es aquí donde más éxito puede tener una hipotética explotación. Hoy nos hacemos eco de una nueva vulnerabilidad, un fallo de seguridad que afecta a Windows y para la que, al menos de momento, no existe parche. Un problema que pone en riesgo a quienes utilicen este sistema operativo. Concretamente se trata de un fallo de seguridad que afecta al componente JScript de Windows. Esto podría permitir a un atacante ejecutar código malicioso en el equipo de forma remota. Ha sido descubierto por Dmitri Kaslov, de Telspace Systems. Este investigador trasladó su descubrimiento a Zero-Day Initiative (ZDI), de Trend Micro. Los expertos de ZDI informaron de esta vulnerabilidad a los responsables de Microsoft. De momento el gigante del software no ha lanzado ningún parche que solucione este problema. Es por ello que desde ZDI no han querido dar un informe exhaustivo del problema y únicamente se han limitado a hacer un resumen de esta vulnerabilidad. Según este resumen que mencionamos, un atacante de forma remota podría introducir código malicioso en el equipo de la víctima. Esta vulnerabilidad afecta al componente JScript. Es por ello que la única condición es que el atacante logre engañar a la víctima y haga que acceda a una página configurada de forma maliciosa y ahí descargar e instalar un archivo JS modificado. Como hemos mencionado, desde Trend Micro no han querido detallar mucho más acerca de esta vulnerabilidad por la propia seguridad de los usuarios. Brian Gorenc, director de ZDI ha mencionado que, debido a la sensibilidad de este error, no quieren proporcionar demasiados detalles hasta que Microsoft saque un parche de seguridad que solucione la vulnerabilidad. Eso sí, los expertos han indicado que esta vulnerabilidad no tiene que ser tan peligrosa como pueda parecer en un principio. No permite un compromiso total del sistema. Esta vulnerabilidad ha recibido una puntuación de 6,8 sobre 10 en la escala de gravedad CVSSv2. Se trata, eso sí, de una puntuación bastante elevada si la comparamos con la mayoría de vulnerabilidades que se detectan. En definitiva, Microsoft Windows tiene una vulnerabilidad para la que todavía no hay solución. Este problema permitiría a un atacante de forma remota ejecutar código malicioso en el equipo de la víctima. A la espera de un parche definitivo por parte de Microsoft, nuestro consejo es mantener siempre nuestros sistemas actualizados. De esta manera podremos hacer frente a las amenazas más recientes y que puedan poner en riesgo el buen funcionamiento de nuestros dispositivos. También es importante contar con programas y herramientas de seguridad. Pero si hay algo que puede proteger al usuario en muchos casos es el sentido común. Hay que evitar caer en engaños, en links fraudulentos, por ejemplo, que puedan llegarnos a través de correos electrónicos y redes sociales.

JavaScript begleitet das Web zwar schon fast seit Anbeginn wurde aber als eigenständige Technologie nur am Rande wahrgenommen. In den letzten Jahren hat sich das langsam geändert und jetzt entwickelt sich in der JavaScript-Szene ein neues Selbstbewusstsein, gestützt durch die Entwicklung neuer Sprach-Implentierungen und FrameWorks und einem generell gewachsenen Bedarf an flexiblen webbasierten Lösungen orientiert. Im Gespräch mit Tim Pritlove erläutert der JavaScript-Entwickler Malte Ubl, wie sich JavaScript entwickelt hat, welche Eigenschaften JavaScript ausmachen und was die besondere Eignung für das Web ausmacht. Themen: Warum JavaScript JavaScript heißt; JScript; Ähnlichkeiten und Unterschiede von JavaScript und ActionScript; das Erstarken der JavaScript-Szene; JavaScript Runtimes und JIT Compiler; Server-side JavaScript und asynchrones I/O; Eigenschaften von Prototypen-basierten Programmiersprachen; Webanwendungsentwicklung mit JavaScript auf dem Client und Server; Ladezeitenoptimierung; JavaScript Frameworks für Anwendungsentwicklung; Entwicklungswerkzeuge und Bücher über JavaScript; lokale JavaScript-Communities.