3 Security Buddies
Hosts: Paul Kehrer, Robert Clark, Matias Brutti
Category: Technology
Weekly podcast where three security buddies discuss security topics.
3SB-8: Password Complexity
Follow up:
No follow ups
Topics:
- NIST changing password requirements
- Roundtable: how we got into security + suggestions
Paul Rant:
Paul is on vacation. No Rants.
Links:
https://pages.nist.gov/800-63-3/sp800-63b.html
https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Special Guest:
Travis McPeak @travismcpeak
Post-Production:
Matias Brutti @MrBrutti
Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers.
3SB-7: 🍎 Security Worms
Follow up:
US is elevating ransomware to the same priority level as terrorism.
Topics:
- Apple Security WWDC
- Move beyond passwords (iCloud Keychain WebAuthn keys)
- Discover account-driven User Enrollment
- Secure login with iCloud Keychain verification codes (domain-binding, apple-totp)
- Polkit PrivEsc
- Growing abuse of Kubernetes (it’s not containers)
Paul Rant:
Apple Bug Report blackhole
Links:
https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/
https://threatpost.com/microsoft-cryptomining-kubeflow/166777/
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matias Brutti @MrBrutti
3SB-6: Dependency Hell
Follow up:
- Nothing this week
Topics:
- Automated Fuzzing Testing in Go
- Stack Overflow Supply Chain Attacks
- Deps.dev
- Update on GitHub’s policies regarding exploits, malware, and vulnerability research
Paul Rant:
Pinning dependencies on Libraries
Links:
https://blog.golang.com/fuzz-beta
https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400
https://deps.dev
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matias Brutti @MrBrutti
3SB-5: Hardware Apocalypses
Follow up:
- Vaxxed || Mask Rant Update
- WhatsApp will not be removing functionality.
Topics:
- OpenSSL Rustification
- Data without context is useless
- Attacks on AMD’s Virtual Machine Protection System (SEV)
- M1ssing Register Access Controls Leak EL0 State
Paul Rant:
QC35 switch is garbage. GARBAGE!
Links:
https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/
https://m1racles.com
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matias Brutti @MrBrutti
3SB-4: EuroCyberVision
Episode Follow up:
- Codecov
- Mercari
- Audacity Open Source Telemetry
Topics:
- WhatsApp: Give me your privacy or I will stop working.
- Russian keyboard as a first line of defense
- Craig Federighi: macOS vs iOS security model
Paul Rant:
Vaxxed or Mask. Trust but Verify. Rant by Matias Brutti.
Links:
https://about.mercari.com/en/press/news/articles/20210521_incident_report/
https://github.com/audacity/audacity/discussions/889
https://blog.malwarebytes.com/privacy-2/2021/05/whatsapp-calls-and-messages-will-break-unless-you-share-data-with-facebook/
https://www.schneier.com/blog/archives/2021/05/adding-a-russian-keyboard-to-protect-against-ransomware.html
https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
https://9to5mac.com/2021/05/19/craig-federighi-mac-malware-problem/
https://www.imore.com/craig-federighi-defends-iphone-security-throwing-mac-under-bus
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matias Brutti @MrBrutti
3SB-3: Zero Trust Cyber
Episode 2 Follow up:
Codecov continues to claim victims: Rapid7 & Twilio.
Topics:
- Rob’s Python adventures
- Alfredo’s mouse mic
- FragAttack
- CyberBattleSim
Paul Rant:
Zero Trust Executive Order. Rant by Robert.
Links:
https://www.rapid7.com/blog/post/2021/05/13/rapid7s-response-to-codecov-incident/
https://www.twilio.com/blog/response-to-the-codecov-vulnerability
https://github.com/ortegaalfredo/mousemic
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/05/fragattack-new-wi-fi-vulnerabilities-that-affect-basically-everything/
https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Hosts:
Paul Kehrer @reaperhulk
Robert Clark @hyakuhei
Matías Brutti @MrBrutti
Post-Production:
Matias Brutti @MrBrutti