Three Buddy Problem

The 'Three Buddy Problem' Podcast Episode 3: Former NSA computer scientist Dave Aitel (Immunity Inc., Cordyceps Systems) joins Juan Andres Guerrero-Saade for a frank discussion on the OpenSSH unauthenticated remote code execution vulnerability and the challenges around patching and exploitation, the CISA 'secure-by-design' pledge and its impact on software vendor practices, Microsoft lobbying and the CSRB report, and changing face of government's attempts at cybersecurity regulations.

We discuss the disruption caused by political changes and the potential implications for cybersecurity policies, impact from the Supreme Court Chevron ruling, security regulations and the challenges of writing laws for future technology, the role of CISA and its accomplishments, the debate around offensive cyber operations and the responsibility of companies like Google in addressing vulnerabilities.

The need for clear separation between counterterrorism and espionage operations is highlighted, as well as the importance of understanding both defensive and offensive perspectives.

• Costin Raiu is on vacation.

Links:

• Transcript (unedited, AI-generated)
• Qualys: Remote Unauthenticated Code Execution in OpenSSH
• CSRB report on Microsoft hack
• CISA secure-by-design pledge
• CCC Talk: Operation Triangulation
• Lawfare: Responsible Cyber Offense
• Google: Stop Burning Counterterrorism Operations
• Follow Dave Aitel on Twitter
• J. A. Guerrero-Saade on Twitter
• Costin Raiu on Twitter
• Follow Ryan Naraine (@ryanaraine) on Twitter
• LABScon - Security Research in Real Time

Award-winning security journalist and author Kim Zetter talks about her work tracking cyber-espionage campaigns, why she uses an old school cassette player to record sensitive interviews and the dramatic changes sweeping the security industry.

Links:

• Kim Zetter on Twitter
• Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon: Kim Zetter: 9780770436193: Amazon.com: Books
• Was Georgia’s Election System Hacked in 2016?
• Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States

Founder and CEO of Wire Security, Wim Remes, joins the podcast to discuss the intricacies of penetration testing, red-teaming, bug bounty programs, and calls for defenders to embrace continuous pen-testing.

Links:

• Wim Remes on GitHub
• Wim Remes on Twitter

AT&T Cybersecurity's Jaime Blasco talks about falling in love with security as a high-school student in Spain, finding a career path in pen-testing and offense, shifting to building defensive technologies and his current passion for exploring the value of machine learning.

Links:

• AT&T AlienLabs
• Follow Jaime on Twitter
• Open Threat Exchange (OTX)

Cybersecurity journalist and author Andy Greenberg joins the podcast to talk about his career as a journalist, the ins-and-outs of negotiating a big story with sources, the intricacies of writing a good book, and some of his biggest stories to date.

Links:

• Follow Andy Greenberg on Twitter
• Andy Greenberg's Wired bio
• Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers