Security TL;DR Podcast

Security TL;DR Podcast – Episode 14 (Live from AGN NARM 2018)

Episode 14 of the Security TL;DR podcast (6/7/2018), hosted by Drew Green, and sponsored by G-Factor Security.  This episode was recorded live at the AGN NARM 2018 conference in Austin, TX. Drew is joined by Ken Pyle, a partner with DFDR Consulting, and Joe Martin, an IT professional with an accounting firm  They discuss DNS security trends, IoT device and patching problems, and the latest news surrounding the VPNFilter botnet.

Security TL;DR Podcast – Episode 13

Episode 13 of the Security TL;DR podcast (3/29/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec).  They discuss the latest developments regarding the vulnerabilities in AMD processor products, a bug with Microsoft’s Meltdown and Spectre patches, and the ongoing privacy concerns surrounding Facebook. Articles Referenced: * https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research [https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research] * https://threatpost.com/bad-microsoft-meltdown-patch-made-some-windows-systems-less-secure/130844/ [https://threatpost.com/bad-microsoft-meltdown-patch-made-some-windows-systems-less-secure/130844/] * https://threatpost.com/facebook-woes-continue-as-ftc-opens-data-privacy-probe/130788/ [https://threatpost.com/facebook-woes-continue-as-ftc-opens-data-privacy-probe/130788/]

Security TL;DR Podcast – Episode 12

Episode 12 of the Security TL;DR podcast (3/16/2018), hosted by Drew Green and Sam Blevins, sponsored by G-Factor Security (formerly TJTSec).  They discuss the newly announced vulnerabilities in AMD processor products, a bug with SAMBA, the free certificate authority Let’s Encrypt and their latest product offering, and they critique a podcast where a victim of a security breach discusses their experiences and provides ill-informed recommendations. Articles Referenced: * https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/ [https://threatpost.com/amd-investigating-reports-of-13-critical-vulnerabilities-found-in-ryzen-epyc-chips/130404/] * https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs [https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs] * https://www.samba.org/samba/security/CVE-2018-1057.html [https://www.samba.org/samba/security/CVE-2018-1057.html] * https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579 [https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579]

Security TL;DR Podcast – Episode 11

Episode 11 of the Security TL;DR podcast (3/10/2018), hosted by Drew Green, sponsored by G-Factor Security (formerly TJTSec).  He discusses the latest news on updates from Intel regarding the Spectre bug affecting all recent Intel CPUs, a SNAFU by a certificate reseller (and a dive into what certificates are and how they are involved with HTTPS web browsing), an certificate renewal oversight leading to downtime for the VR manufacturer Oculus, and Firefox’s new support for managed enterprise environments. Articles Referenced: * https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/ [https://arstechnica.com/gadgets/2018/03/microsoft-will-soon-start-shipping-the-intel-spectre-microcode-fixes/] * https://www.digicert.com/blog/digicert-statement-trustico-certificate-revocation/ [https://www.digicert.com/blog/digicert-statement-trustico-certificate-revocation/] * https://www.pcgamer.com/every-oculus-rift-is-offline-thanks-to-an-expired-certificate/ [https://www.pcgamer.com/every-oculus-rift-is-offline-thanks-to-an-expired-certificate/] * https://bugzilla.mozilla.org/show_bug.cgi?id=1433136 [https://bugzilla.mozilla.org/show_bug.cgi?id=1433136]

Security TL;DR Podcast – Episode 10

Episode 10 of the Security TL;DR podcast (2/23/2018), hosted by Drew Green and Sam Blevins, sponsored by TJTSec.  They discuss the latest bug affecting nearly all Apple devices, an interesting way a piece of malware hid in infected devices and communicated with the controlling attackers, the latest in “IRS Tax Scams”, and a bug in Microsoft’s Edge web browser. Articles Referenced: * https://gizmodo.com/apple-is-rushing-to-fix-the-telugu-bug-as-assholes-use-1823070294 [https://gizmodo.com/apple-is-rushing-to-fix-the-telugu-bug-as-assholes-use-1823070294] * https://arstechnica.com/information-technology/2018/02/raw-sockets-backdoor-gives-attackers-complete-control-of-some-linux-servers/ [https://arstechnica.com/information-technology/2018/02/raw-sockets-backdoor-gives-attackers-complete-control-of-some-linux-servers/] * https://krebsonsecurity.com/2018/02/irs-scam-leverages-hacked-tax-preparers-client-bank-accounts/ [https://krebsonsecurity.com/2018/02/irs-scam-leverages-hacked-tax-preparers-client-bank-accounts/] * https://www.engadget.com/2018/02/19/google-project-zero-microsoft-edge-browser-vulnerability/?sr_source=Facebook [https://www.engadget.com/2018/02/19/google-project-zero-microsoft-edge-browser-vulnerability/?sr_source=Facebook]