Named one of the world's top information security podcasts, The Security Ledger Podcast offers in-depth interviews with the top minds in information (cyber) security. Hosted by Paul Roberts, Editor in Chief of The Security Ledger, each podcast is a conversation about the cyber security stories making headlines and about the most important trends in the information security space including security and the Internet of Things, the latest cyber threats facing organizations and new paradigms for securing data and devices. A must listen if "cyber" is your thing!
Episode 194: What Happened To All The Election Hacks?
Today marks two weeks since Election Day 2020 in the U.S., when tens of millions went to the polls on top of the tens of millions who had voted early or by mail in the weeks leading up to November 3.
The whole affair was expected to be a hot mess of suffrage, what with a closely divided public and control of the world’s most powerful office hinging on the outcome of voting in a few key districts sprinkled across a handful of states. Election attacks seemed a foregone conclusion.
Election Attack, Anyone?
Memories of the 2016 Presidential contest are still fresh in the minds of U.S. voters. During that contest, stealthy disinformation operations linked to Russia’s Internet Research Agency are believed to have swayed the vote in a few key states, helping to hand the election to GOP upstart Donald Trump, who won by tens of thousands of votes spread across a handful of states.
In 2020, with social media networks like Facebook more powerful than ever and the geopolitical fortunes of global powers like China and Russia hanging in the balance, it was a foregone conclusion that this year’s U.S. election would see one or more cyber incidents grab headlines and, just maybe, play a part in the final outcome.
Two weeks and more than 140 million votes later, wild conspiracy theories about vote tampering are rampant in right-wing media. But predictions of cyber attacks on the U.S. presidential election have fallen flat.
From Russia with…Indifference?
So what happened? Did Russia, China and Iran decide to sit this one out, or were planned attacks stopped in their tracks? And what about the expected plague of ransomware? Did budget- and talent-constrained local governments manage to do just enough right to keep cyber criminals and nation state actors at bay?
To find out we invited two experts who have been following election security closely into the Security Ledger studios to talk.
Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future, which has been monitoring the cyber underground for threats to elections systems.
Joining Allan is frequent Security Ledger podcast guest Adam Meyers, the Senior Vice President of Threat Intelligence at the firm Crowdstrike. Crowdstrike investigated the 2016 intrusion into the Democratic National Committee and closely monitors a wide range of cyber criminal and nation state groups that have been linked to attacks on campaigns and elections infrastructure.
To start out, I asked both guests what, given the anticipation of hacks targeting the U.S. election, happened (or didn’t happen) in 2020.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry.
Episode 193: Repair, Cyber and Your Car with Assaf Harel of Karamba Security
Massachusetts lit the match that started the American Revolution at the battles of Lexington and Concord back in 1775: an eruption of violence in response to the policies of a repressive and distant monarch.
On Tuesday, the Bay State sent another loud shot across the bow of yet another aloof power broker: the automotive industry. Voters in the state approved Question 1, a ballot measure that expands Massachusetts’ automotive right to repair law, giving vehicle owners access to wireless repair and maintenance data transmitted via telematics systems on modern, connected vehicles.
The question, which passed with more than 70% of the vote, was vigorously opposed by automotive manufacturers and dealerships as well as other technology industry interests, which spent tens of millions of dollars trying to defeat the measure, in part by warning about the cyber security and privacy risks of sharing wireless data.
Voters didn’t buy that argument. But the commercials and industry scare tactics do raise important questions about the security risks of connected vehicles and whether modern cars with their always-on Internet connections are susceptible to being hacked.
To dig deep into that question, I invited Assaf Harel of the firm Karamba Security into the Security Ledger studio to talk. Assaf is the Chief Scientist and co-founder at Karamba Security, which provides security solutions for automotive and IoT controllers.
In this conversation, Assaf and I talk about the state of vehicle cyber security and what the biggest cyber risks are to connected cars. We also go deep on the right to repair, and how industries like automobiles can balance consumer rights with security and privacy concerns.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.
Episode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks?
The 2020 election in the U.S. is less than a week away, and warnings about cyber threats to the vote are coming out with about the same regularity as polls of the presidential contest between Joe Biden and Donald Trump.
On October 9, for example, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned that so-called “advanced persistent threat” (APT) actors were chaining together multiple vulnerabilities in an attempt to compromise federal, state and local government networks and elections organizations.
Also this month, an outbreak of the DoppelPaymer ransomware affected elections infrastructure in Hall County, Georgia, disabling a database used to verify voter signatures when authenticating absentee ballots.
Which leads us to ask: despite years of warnings, are state and local governments ready for what Russia, Iran or any number of ransomware gangs have in store for them?
To help answer that question, we invited Rob Bathurst into the studio. Rob is the Chief Technology Officer at Digitalware, a Denver area company that specializes in risk analysis and risk management for federal, state and local governments and Fortune 500 companies.
In this conversation, Rob and I talk about what the biggest cyber risks are to state and local governments, and how worried we should be about the warnings of cyber threats to elections systems.
Vulnerabilities are just a reality in government networks, Rob says. The key is to avoid being surprised by attacks and also to ensure that you can keep voting systems and other critical systems available even if they are the target of an attack.
In this conversation, Rob and I also talk about the bigger picture of cyber risk for federal, state and local governments, including incidents like the recent hack of government ERP provider Tyler Technologies.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more.
Shifting Compliance Left with Galen Emery of Chef
Galen Emery of Chef comes into the Security Ledger studios to talk about how security and compliance are "shifting left" with DevSecOps.
Episode 190: 20 Years, 300 CVEs. Also: COVID’s Lasting Security Lessons
In this episode of the podcast (#190), sponsored by LastPass, Larry Cashdollar of Akamai joins us to talk about how finding his first CVE vulnerability, more than 20 years ago, nearly got him fired. Also: Katie Petrillo of LastPass joins us to talk about how some of the security adjustments we’ve made for COVID might not go away any time soon.
When the so-called Zerologon vulnerability in Microsoft’s Netlogon Remote Protocol surfaced publicly in September, word went out far and wide to patch the hole, which carries the maximum 10 out of 10 severity rating. That job was made considerably easier by a name: CVE-2020-1472, the unique identifier assigned to the hole under the Common Vulnerabilities and Exposures, or CVE, system.
Created by MITRE more than 20 years ago, CVE acts as a kind of registry for software holes, giving each publicly known vulnerability a unique identifier, a short description and references. Severity scores such as the 10.0 CVSS rating attached to Zerologon are layered on top by downstream databases like NIST’s National Vulnerability Database. Today, CVE is a pillar of the information security world. But it wasn’t always that way.
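The identifier-and-severity pairing described above, worked through in code. This is an added example, not code from The Security Ledger, Akamai or MITRE; it assumes only the public CVE identifier syntax (CVE-YYYY-NNNN, with four or more sequence digits) and the published CVSS v3.1 base-score formula. The Zerologon vector string is the one NVD records for CVE-2020-1472; the other inputs are constructed for illustration.

```python
"""CVE identifiers and CVSS v3.1 base scores, with Zerologon as the worked case.

Added example, not code from the podcast or its guests. Assumes the public
CVE ID syntax and the CVSS v3.1 base-score formula; nothing else.
"""
import math
import re

# Explicitly prefixed IDs in free text: "CVE-2020-1472", "cve 2020-1472".
_CVE_RE = re.compile(r"(?i)\bCVE[-\s]?(\d{4})[-\s](\d{4,7})\b")
# One ID on its own, where the "CVE" prefix may be missing (as on this page).
_ONE_ID_RE = re.compile(r"(?i)\s*(?:CVE[-\s]?)?(\d{4})[-\s](\d{4,7})\s*")


def normalize_cve_id(text, current_year=2020):
    """Return the canonical 'CVE-YYYY-NNNN' form of one identifier.

    Accepts sloppy references such as 'cve 2020-1472' or the bare
    '2020-1472' used above. Raises ValueError for anything else, so a
    malformed ID fails loudly instead of being filed under the wrong hole.
    """
    m = _ONE_ID_RE.fullmatch(text)
    if not m:
        raise ValueError("not a CVE identifier: %r" % text)
    year, seq = int(m.group(1)), m.group(2)
    if not 1999 <= year <= current_year:  # the CVE list began in 1999
        raise ValueError("implausible CVE year in %r" % text)
    if len(seq) > 4 and seq[0] == "0":  # zeros only pad sequences to 4 digits
        raise ValueError("bad sequence number in %r" % text)
    return "CVE-%d-%s" % (year, seq)


def extract_cve_ids(text):
    """Pull every prefixed CVE ID out of free text (an advisory, a patch note),
    deduplicated in order of first appearance."""
    seen = {}
    for year, seq in _CVE_RE.findall(text):
        seen.setdefault("CVE-%s-%s" % (year, seq), None)
    return list(seen)


# CVSS v3.1 base metric weights (Table 8 of the specification).
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20}
_AC = {"L": 0.77, "H": 0.44}
_PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
_PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.50}  # PR weighs more when scope changes
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}


def _roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, computed on
    integers so float error cannot turn 4.0 into 4.1."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def cvss31_base_score(vector):
    """Compute the CVSS v3.1 base score from a vector string such as
    'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H' (the prefix is optional)."""
    parts = {}
    for item in vector.split("/"):
        if item.startswith("CVSS:"):
            continue
        key, _, value = item.partition(":")
        parts[key] = value
    missing = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"} - set(parts)
    if missing:
        raise ValueError("vector missing metrics: %s" % sorted(missing))
    if parts["S"] not in ("U", "C"):
        raise ValueError("bad scope value: %r" % parts["S"])
    changed = parts["S"] == "C"
    pr = (_PR_CHANGED if changed else _PR_UNCHANGED)[parts["PR"]]
    iss = 1 - (1 - _CIA[parts["C"]]) * (1 - _CIA[parts["I"]]) * (1 - _CIA[parts["A"]])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    exploitability = 8.22 * _AV[parts["AV"]] * _AC[parts["AC"]] * pr * _UI[parts["UI"]]
    if impact <= 0:
        return 0.0  # no confidentiality, integrity or availability impact
    if changed:
        return _roundup(min(1.08 * (impact + exploitability), 10))
    return _roundup(min(impact + exploitability, 10))


# NVD's vector for CVE-2020-1472: unauthenticated, network reachable, full
# compromise with scope change, which is why the score pins at 10.0.
ZEROLOGON_VECTOR = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"

if __name__ == "__main__":
    print(normalize_cve_id("2020-1472"))
    print(cvss31_base_score(ZEROLOGON_VECTOR))
    # Constructed advisory text, repeating one ID the way real notices do.
    print(extract_cve_ids("Patch CVE-2020-1472 now; cve-2020-1472 is being exploited alongside CVE-2019-11510."))
```

The normalizer deliberately rejects anything it cannot parse rather than guessing: an ID copied wrong is worse than no ID, because it sends responders to patch the wrong hole. The score function reproduces the specification's formula step by step, so a reader can see that Zerologon's 10.0 falls out of the metrics (network reachable, no privileges, scope change, full CIA impact) and is not an editorial judgment.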
20 Years and 300 CVEs Later…
With another Cybersecurity Awareness Month upon us, we decided to roll back the clock and talk about what life was like before the creation of the CVE system. To guide us, we invited Larry Cashdollar, a Senior Security Response Engineer at Akamai, into the studio to talk. Larry is a veteran bug hunter with more than 300 CVEs to his name. In celebration of Cybersecurity Awareness Month, Larry talked to me about the bug he found way back in 1998 in a Silicon Graphics Onyx/2 that became his first CVE, and how discovering it almost got him fired. He also talks about what life was like before the creation of the CVE system and some of the adventures he’s had on the road to racking up those 300 CVEs.
The New New Normal
Six months into a pandemic that most of us thought might last six weeks, it’s time to stop asking when things will return to normal and time to start asking what the new normal will look like when the COVID virus is finally beaten.
Katie Petrillo is the manager of LastPass Product Marketing at LogMeIn.
Among the changes to consider are the shifts in the workplace that were expected to be temporary but are starting to look awfully permanent. Chief among them is the shift to “work from home” and remote work that has millions of Americans connecting to the office from their dining room tables or home offices.
The pandemic has sent a surge of business to companies like LogMeIn, which makes remote access and security tools for remote workers.
Podcast Episode 189: AppSec for Pandemic Times, A Conversation with GitLab Security VP Jonathan Hunt
The pandemic isn’t the only thing shaking up development organizations. Application security is a top concern and security work is “shifting left” and becoming more intertwined with development. In this podcast, Security Ledger Editor in Chief Paul Roberts talks about it with Jonathan Hunt, Vice President of Security at the firm GitLab.
Even before the COVID pandemic set upon us, the information security industry was being transformed. Security was long a matter of hardening organizations against threats and attacks. The goal was “layered defenses”: firewalls, gateway security servers and access control lists to provide a hardened network perimeter, and intrusion detection and endpoint protection software to protect IT assets within it.
Security Shifting Left
These days, however, security is “shifting left” and becoming part and parcel of the development process. “DevSecOps” marries security processes like code analysis and vulnerability scanning to agile application development in a way that results in more secure products.
That shift is giving rise to a whole new type of security firm, including the likes of GitLab, a web-based DevOps lifecycle tool and Git repository manager that is steadily building its roster of security capabilities. What does it mean to be a security provider in the age of DevSecOps and left-shifted security?
Application Development and COVID
To answer these questions, we invited Jonathan Hunt, the Vice President of Security at GitLab into the Security Ledger studio to talk about it. In this conversation, Jonathan and I talk about what it means to shift security left and marry security processes like vulnerability scanning and fuzzing with development in a seamless way.
We also discuss how the COVID pandemic has shaken up development organizations – including GitLab itself – and how the changes wrought by COVID may remain long after the virus itself has been beaten back.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email.
Customer Reviews
Excellent and informative
My go-to source for security trends and news, with a well-rounded selection of guests. Paul has an affable yet hard-hitting interview style and always gets the best out of his subjects.
great cyber security podcast!
One of the best and most thoughtful podcasts on the cyber security space. Interviews with hackers, executives, activists and leading policy makers and academics. A 'must-listen' if information security is your thing!