3 Security Buddies

Auteur(s): Paul Kehrer Robert Clark Matias Brutti
  • Résumé

  • Weekly podcast where three security buddies discuss security topics.

    All rights reserved.
    Voir plus Voir moins
activate_Holiday_promo_in_buybox_DT_T2
Épisodes
  • 3SB-8: Password Complexity
    Jun 24 2021

    Follow up:

    • No follow ups


    Topics:

    • NIST changing password requirements
    • Roundtable how we got into security + suggestions


    Paul Rant:

    • Paul is on vacation. No Rants.  


    Links:

    • https://pages.nist.gov/800-63-3/sp800-63b.html 
    • https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords 


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Special Guest:

    Travis McPeak @travismcpeak 


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 


    Voir plus Voir moins
    1 h
  • 3SB-7: 🍎 Security Worms
    Jun 16 2021

    Follow up:

    • US is elevating ransomware the same level of terrorism.


    Topics:

    • Apple Security WWDC
    • Move beyond passwords ( iCloud Keychain WebAuthN keys ) 
    • Discover account-driven User Enrollment
    • Secure login with iCloud Keychain verification codes ( domain-binding apple-totp )
    • Polkit PrivEsc
    • Growing abuse of Kubernetes (it’s not containers) 


    Paul Rant:

    • Apple Bug Report blackhole  


    Links:

    • https://www.reuters.com/technology/exclusive-us-give-ransomware-hacks-similar-priority-terrorism-official-says-2021-06-03/ 
    • https://threatpost.com/microsoft-cryptomining-kubeflow/166777/
    • https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/ 


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 

    Voir plus Voir moins
    1 h et 28 min
  • 3SB-6: Dependency Hell
    Jun 9 2021

    Follow up:

     - Nothing this week


    Topics:

    • Automated Fuzzing Testing in Go
    • Stack Overflow Supply Chain Attacks
    • Deps.dev
    • Update on Github’s policies regarding exploits, malware, and vulnerability research

    Paul Rant:

    • Pinning dependencies on Libraries 


    Links:

    • https://blog.golang.com/fuzz-beta
    • https://www.wsj.com/articles/software-developer-community-stack-overflow-sold-to-tech-giant-prosus-for-1-8-billion-11622648400
    • https://deps.dev
    • https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/


    Hosts:

    Paul Kehrer @reaperhulk

    Robert Clark @hyakuhei

    Matías Brutti @MrBrutti


    Post-Production:

    Matias Brutti @MrBrutti


    Disclaimer: The opinions and security statements on this podcast are our own and do not represent that of our respective past, current or future employers. 


    Voir plus Voir moins
    55 min

Ce que les auditeurs disent de 3 Security Buddies

Moyenne des évaluations de clients

Évaluations – Cliquez sur les onglets pour changer la source des évaluations.