59 episodes

Welcome to Lock and Code, a Malwarebytes podcast. Every two weeks, we serve up the latest cybersecurity headlines, plus we dig deep into some of the industry's most vexing topics. From deep state to deep fakes, we separate cybersecurity myth from fact.

Lock and Code Malwarebytes

    • Technology
    • 5.0 • 21 Ratings


    Securing the software supply chain, with Kim Lewandowski

    At the start of the global coronavirus pandemic, nearly everyone was forced to learn about the "supply chain." Immediate stockpiling by an alarmed (and from a smaller share, opportunistic) public led to an almost overnight disappearance of hand sanitizer, bottled water, toilet paper, and face masks.

    In time, those items returned to stores. But then a big ship got stuck in the Suez, and once again, we learned even more about the vulnerability of supply chains. They can handle little stress. They can be derailed with one major accident. They spread farther than we know.

    While the calamity in the canal involved many lessons, there was another story in late 2020 that required careful study in cyberspace—an attack on the digital supply chain.

    That year, attackers breached a network management tool called Orion, which is developed by the Texas-based company SolarWinds. Months before the attack was caught, the attackers swapped malicious code into a legitimately produced security update from SolarWinds. This malicious code gave the attackers a backdoor into every Orion customer who both downloaded and deployed the update and who had their servers connected online. Though the initial number of customers who downloaded the update was about 18,000 companies, the number of customers infected with the attackers’ malware was far lower, somewhere around 100 companies and about a dozen government agencies.

    This attack, which did involve a breach of a company, had a broader focus—the many, many clients of that one company. This was an attack on the software supply chain, and since that major event, similar attacks have happened again and again.

    Today, on the Lock and Code podcast with host David Ruiz, we speak with Kim Lewandowski, founder and head of product at Chainguard, about the software supply chain, its vulnerabilities, and how we can fix it.

    Show notes, resources, and credits:
    Kubernetes diagram:

    https://user-images.githubusercontent.com/622577/170547400-ef9e2ef8-e35b-46df-adee-057cbce847d1.svg

    Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
    Licensed under Creative Commons: By Attribution 4.0 License
    http://creativecommons.org/licenses/by/4.0/
    Outro Music: “Good God” by Wowa (unminus.com)

    • 39 min
    Tor’s (security) role in the future of the Internet, with Alec Muffett

    Tor, which stands for "The Onion Router," has a storied reputation in the world of online privacy, but on today's episode of Lock and Code with host David Ruiz, we speak with security researcher Alec Muffett about the often-undiscussed security benefits of so-called "onion networking." 

    The value proposition to organizations interested in using Tor goes beyond just anonymity, Muffett explains, and it's a value proposition that has at least persuaded the engineers at Facebook, Twitter, The New York Times, Buzzfeed, The Intercept, and The Guardian to build onion versions of their sites.

    Tune in to hear about the security benefits of onion networking, why an organization would want to launch an onion site for its service, and whether every site in the future should utilize Tor.

    Show notes and credits:

    Why and How you should start using Onion Networking: https://www.youtube.com/watch?v=pebRZyg_bh8

    How WhatsApp uses metadata analysis for spam and abuse fighting: https://www.youtube.com/watch?v=LBTOKlrhKXk

    Alec Muffett's blog and about page: https://alecmuffett.com/about

    Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
    Licensed under Creative Commons: By Attribution 4.0 License
    http://creativecommons.org/licenses/by/4.0/
    Outro Music: “Good God” by Wowa (unminus.com)

    • 39 min
    Hunting down your data with Whitney Merrill

    Last year, Whitney Merrill wanted to know just how much information the company Clubhouse had on her, even though she wasn't a user. After many weeks of, at first, non-responses, she learned that her phone number had been shared with Clubhouse more than 80 times—the byproduct of her friends joining the platform. 

    Today on Lock and Code with host David Ruiz, we speak with Merrill about why hunting down your data can be so difficult today, even though some regions have laws that specifically allow for this. We also talk about the future of data privacy and whether "data localization" will make things easier, or if it will add another layer of geopolitics to growing surveillance operations around the world. 

    Show notes and credits:

    Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
    Licensed under Creative Commons: By Attribution 4.0 License
    http://creativecommons.org/licenses/by/4.0/
    Outro Music: “Good God” by Wowa (unminus.com)

    • 49 min
    Recovering from romance scams with Cindy Liebes

    Earlier this year, a flashy documentary premiered on Netflix that shed light on an often-ignored cybercrime—the romance scam. In this documentary, called The Tinder Swindler, the central scam artist relied on modern technologies, like Tinder, and he employed an entire team, which included actors posing as his bodyguard and potentially even his separated wife. After months of getting close to several women, the scam artist pounced, asking for money because he was supposedly in danger.

    The public response to the documentary was muddy. Some viewers felt for the victims featured by the filmmakers, but others blamed them. This tendency to blame the victims is nothing new, but according to our guest Cindy Liebes, Chief Cybersecurity Evangelist for Cybercrime Support Network, it's all wrong. That's because, as we discuss in today's episode on Lock and Code with host David Ruiz, these scam artists are professional criminals. 

    Today, we speak with Liebes to understand how romance scams work, who the victims are, who the criminals are, what the financial and emotional damages are, and how people can find help. 

    Show notes and credits:

    Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
    Licensed under Creative Commons: By Attribution 4.0 License
    http://creativecommons.org/licenses/by/4.0/
    Outro Music: “Good God” by Wowa (unminus.com)

    • 48 min
    Why software has so many vulnerabilities, with Tanya Janca

    Every few months, a basic but damaging flaw is revealed in a common piece of software, or a common tool used in many types of programs, and the public will be left asking: What is going on with how our applications are developed?

    Today on the Lock and Code podcast with host David Ruiz, we speak to returning guest Tanya Janca to understand the many stages of software development and how security trainers can better work with developers to build safe, secure products.

    • 48 min
    Why data protection and privacy are not the same, and why that matters

    Data protection, believe it or not, is not synonymous with privacy, or even data privacy. But around the world, countless members of the public often innocently confuse these three topics with one another, swapping the terms and the concepts behind them.

    Typically, that wouldn't be a problem—not every person needs to know the minute details of every data-related concept, law, and practice. But when the public is unaware of its rights under data protection, it might be unaware of how to assert those rights. 

    Today, on the Lock and Code podcast with host David Ruiz, we speak with Gabriela Zanfir-Fortuna, the vice president for global privacy at Future of Privacy Forum, to finally clear the air on these related topics, and to understand how US law differs from EU law, even though the US helped lead the way on data protection proposals all the way back in 1973.

    • 46 min

Customer Reviews

5.0 out of 5
21 Ratings

ahughes42 ,

Excellent history and overview of Macs and Malware

I was using UNIX in 1978 and continued for over 40 years. People who ran the computer network in Electrical Engineering at Purdue were very interested in malware, worms as I recall, as they first appeared on the scene and popped up on occasion. I was at an electronics show in Houston, TX in the early 80s and went with the head of our computer network to Xerox and saw/used the first mouse, so I was impressed when I saw the Macs and had to have one. I too thought the Mac was virus proof, assuming the proprietary nature of the software and difficulty sharing software kept it safe, but when OS X came and the internet blossomed I knew that the UNIX-based OS was vulnerable. I loved being able to get to the command line and continue using it even today, though not nearly as often. I still imagine that the popularity of Windows and its vulnerabilities makes it a bigger target, but in reality with the complexity of today's software I see how important it is to use Malwarebytes to protect the Apple devices our family has.

kshkval ,

I listen to this plain spoken podcast more than any other security pod

I enjoy the Malwarebytes podcast for its timely, focused, topical and easily understandable content. I think I enjoyed the pod about Express VPN the most. I switched from a commercial VPN to a nonprofit VPN the same day. The host is personable and enthusiastic. I love the interviews with major security players. Keep up the good work.

J0hn-F. ,

Great security podcast

It’s no Darknet Diaries, but I really like this podcast. Malwarebytes researchers have always done an awesome job in their reports and communications.
