
DtSR Episode 207 - NewsCast for August 16th 2016
08/18/16 • 47 min
Quick note from Michael about the Straight Talk Framework & Program -->
- Get your free copy at https://securitycatalyst.com/straight-talk-framework/
- Launched a new program last week... boy, did I learn a lot.
- Mostly, it’s my failure to explain. I’m going to chronicle some of the lessons over the next few days and share them
- If you’ve already downloaded the questions - I’d love to chat with you about your experience...
- If you find yourself in a situation like this, let’s chat. 25 minutes on the phone and we’ll both benefit
- Until Monday, August 22nd, chance to get on board early and benefit yourself; I’ve got a lot to share this week and into the future. We’re at the start of something big!
Microsoft Accidentally Leaks 'Golden Keys' That Unlock Secure Boot-Protected Windows Devices: Oops?
- http://www.techtimes.com/articles/173282/20160811/microsoft-accidentally-leaks-golden-keys-that-unlock-secure-boot-protected-windows-devices-oops.htm
- Bottom line: backdoors are always discovered, compromised
- Another takeaway: key management... sounds easy, is rarely so.
- If you have the need to manage keys in your enterprise, don't try to do this yourself
The Future Of ATM Hacking
- http://www.darkreading.com/endpoint/the-future-of-atm-hacking/d/d-id/1326549
- We didn’t have a problem, but we went ahead with the solution. Looking back on it, imagine some straight talk on this fiasco?
- Yes, I realize some of you like the elegance of chip + pin; do you like the UX? Because it sucks. And if you lament the mag stripe, does that mean you stopped using a terrestrial radio, too?
- Our need as leaders - in the enterprise and across the industry - is to focus limited energy and assets on the areas that create the most value
Apple will reward hackers with "bug bounty" to find flaws
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
Previous Episode

DtSR Episode 206 - Vulnerabilities, Disclosure, Ethics, Research and Security
In this episode we chat with Steve Christey Coley, currently the Principal Information Security Engineer over at MITRE Corp. In this episode we talk through our industry's obsession with vulnerabilities, dive headlong into the thorny issue of security research, talk through the various issues with disclosure and even delve into some ethics issues.
This episode is content-packed with some content that you will likely want to talk to us about. So here's how to find us:
Steve on Twitter: @SushiDude
Hashtag for the show: #DtSR
Steve's Bio (from LinkedIn - https://www.linkedin.com/in/steve-christey-coley-66aa1826):
Editor / Technical Lead for the Common Vulnerabilities and Exposures (CVE) project; Technical Lead for the Common Weakness Enumeration (CWE); co-author of the "Responsible Vulnerability Disclosure Process" IETF draft with Chris Wysopal in 2002; participant in Common Vulnerability Scoring System (CVSS) and NIST's Static Analysis Tool Exposition (SATE). My primary interests include secure software development and testing, understanding the strengths and limitations of automated code analysis tools, the theoretical underpinnings of vulnerabilities, making software security accessible to the general public, vulnerability information management including post-disclosure analysis, and vulnerability research.
Specialties: Vulnerability research, vulnerability management, software security.
Next Episode

DtSR Episode 208 - Beyond the Ransomware Economy
This week Michael and I chat with Jamison Utter of Infoblox on one of the more interesting topics at hand - the economy of ransomware. We talk through the sudden popularity of the attack vector, the way the underground "criminal enterprise" has scaled and grown and the future of being a bad guy.
If you have occasion to talk to your organization's leadership on the ransomware epidemic, you need to listen to this podcast first.