3 Security Buddies
Podcast door Paul Kehrer, Robert Clark, Matias Brutti
Deze podcast is gratis te beluisteren op alle podcastspelers en de Podimo-app zonder abonnement.
Alle afleveringen
8 afleveringenFollow up: * No follow ups Topics: * NIST changing password requirements * Roundtable how we got into security + suggestions Paul Rant: * Paul is on vacation. No Rants. Links: * https://pages.nist.gov/800-63-3/sp800-63b.html [https://pages.nist.gov/800-63-3/sp800-63b.html] * https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords [https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords] Hosts: Paul Kehrer @reaperhulk Robert Clark @hyakuhei Matías Brutti @MrBrutti Special Guest: Travis McPeak @travismcpeak Post-Production: Matias Brutti @MrBrutti Disclaimer:The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
Follow up: * US is elevating ransomware the same level of terrorism. Topics: * Apple Security WWDC * Move beyond passwords ( iCloud Keychain WebAuthN keys ) * Discover account-driven User Enrollment * Secure login with iCloud Keychain verification codes ( domain-binding apple-totp ) * Polkit PrivEsc * Growing abuse of Kubernetes (it’s not containers) Paul Rant: * Apple Bug Report blackhole Links: * https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ [https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/] * https://threatpost.com/microsoft-cryptomining-kubeflow/166777/ [https://threatpost.com/microsoft-cryptomining-kubeflow/166777/] * https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/ [https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/] Hosts: Paul Kehrer @reaperhulk Robert Clark @hyakuhei Matías Brutti @MrBrutti Post-Production: Matias Brutti @MrBrutti Disclaimer:The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
Follow up: - Nothing this week Topics: * Automated Fuzzing Testing in Go * Stack Overflow Supply Chain Attacks * Deps.dev * Update on Github’s policies regarding exploits, malware, and vulnerability research Paul Rant: * Pinning dependencies on Libraries Links: * https://blog.golang.com/fuzz-beta [https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/] * https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400 [https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400] * https://deps.dev [https://deps.dev] * https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/ [https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/] Hosts: Paul Kehrer @reaperhulk Robert Clark @hyakuhei Matías Brutti @MrBrutti Post-Production: Matias Brutti @MrBrutti Disclaimer:The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
Follow up: * Vaxxed || Mask Rant Update * WhatsApp will not be removing functionality. Topics: * OpenSSL Rustification * Data without context is useless * AMD attacks on Virtual Machine Protection System. * M1ssing Register Access Controls Leak EL0 State Paul Rant: * QC35 switch is garbage. GARBAGE! Links: * https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/ [https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/] * https://m1racles.com [https://m1racles.com] Hosts: Paul Kehrer @reaperhulk Robert Clark @hyakuhei Matías Brutti @MrBrutti Post-Production: Matias Brutti @MrBrutti Disclaimer:The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
Episode Follow up: * Codecov Mercari * Audacity Open Source Telemetry Topics: * WhatsApp: Give me your privacy or I will stop working. * Russian Keyboard as a first line of defense * Craig Federighi MacOS vs iOS Security Model Paul Rant: * Vaxxed or Mask. Trust by Verify Rant by Matias Brutti. Links: * https://about.mercari.com/en/press/news/articles/20210521_incident_report/ * https://github.com/audacity/audacity/discussions/889 * https://blog.malwarebytes.com/privacy-2/2021/05/whatsapp-calls-and-messages-will-break-unless-you-share-data-with-facebook/ * https://www.schneier.com/blog/archives/2021/05/adding-a-russian-keyboard-to-protect-against-ransomware.html * https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/ * https://9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/ * https://www.imore.com/craig-federighi-defends-iphone-security-throwing-mac-under-bus Hosts: Paul Kehrer @reaperhulk Robert Clark @hyakuhei Matías Brutti @MrBrutti Post-Production: Matias Brutti @MrBrutti Disclaimer:The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
Overal beschikbaar
Luister naar Podimo op je telefoon, tablet, computer of auto!
Een universum van audio-entertainment
Duizenden luisterboeken en exclusieve podcasts
Geen advertenties
Verspil geen tijd met het luisteren naar reclameblokken wanneer je luistert naar de exclusieve shows van Podimo.